TLS / PKI guarantees that the URL in the browser is the one with which it is communicating. Which is completely useless because users do not really confirm that the URL is correct.
Mybank.com looks like mybank.xyz.com. Heck, browsers do not even give the letters different forms, so "Mozilla.org" looks identical to "MoziIIa.org" (capital Is.)
This is how phishing works. Click on a link and enter your password. The number one mechanism to instigate security breaches.
The obvious solution, but never used, is to use the Digest Authentication. That way, only a summary is sent to any phishing site that is not equivalent to a password.
The implicit authentication is an old and broken protocol, considered as pre PKI. It uses MD5, has a poor user interface and is almost never used.
So we move to carry OTP tokens that can be used with the form authorization. Or customer certificates that are a pain to use.
QUESTION: Does anyone know why this big problem has never received attention? Why has the Digest authentication been allowed to rot? In particular, are there relevant patents that have killed this approach? (If so, this is something old, so they will probably expire very soon).
Is it really true that nobody realizes that TLS / PKI is based on an assumption (that users can verify URLs) that is clearly false?
Of course, I'm talking about digestion authentication used in combination with TLS. So the link is encrypted. (Originally, summary authentication was designed to be used instead of TLS (before TLS / SSL was created.))