A secure Internet requires a secure network protocol
http://www.infoworld.com/article/07/06/22/25OPsecadvise_1.html
from above:
Implementing -- and requiring -- stronger authentication and cryptography standards
is the next step toward a new Internet
... snip ...
i would contend that majority of exploits are attacks on (vulnerable) end-points
... not directly involving any actual network protocol or cryptography; this includes
(updated) variations on old-time "social engineering" ... which has some relation
to authentication (between end-points) ... but on par with crooks using the telephone
to call people and convince them of one thing or another (and then suggesting that
encrypting the telephone call transmission would eliminate the problem).
one of the things seen in various of the SSL (authentication) vulnerabilities
... are attackers being able to ("authenticate") prove who they claim to be
... however, who they claim to be for SSL authentication ... and who they
claim to be for their "social engineering" attacks ... may not be exactly the
same.
As before, one of the largest class of attacks (not restricted to internet) are
against information related to payment transactions and which (largely because of
weak authentication in unrelated parts of the infrastructure) is then turned
around and relatively easily used for fraudulent financial transactions. misc.
past posts on the theme of "naked" transactions.
http://www.garlic.com/~lynn/subintegrity.html#payment
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]