--
My proposal closes off the major attack path
John Levine wrote:
It doesn't do anything about the obvious attack path
of phishing credentials from the users to stick bogus
trusted entries into their accounts.
Actually it does. Think about it.
My examples showed all sorts of benign
Leichter, Jerry wrote:
I think the whole notion of decentralizing *everything* has turned out
to be a trap. Yes, it makes for great cryptography and system design to
find ways to do without a trusted third party. But the resulting
systems just don't fit the way people think and work. Trust
John Levine wrote:
It doesn't do anything about the obvious attack path of phishing
credentials from the users to stick bogus trusted entries into their
accounts. My examples showed all sorts of benign looking situations
in which users provide their credentials to parties of unknown
identity or
Guus Sliepen wrote:
On Thu, Feb 15, 2007 at 02:47:05PM -0800, Ed Gerck wrote:
Zmail actually reduces the amount of trust by not storing your usercode,
password, or keys anywhere. This makes sense for zmail, and is an incentive
to actually do it, to reduce risk -- anyone breaking into any
John Levine wrote:
The great thing about Internet e-mail is that
vast numbers of different mail systems that do not know or trust each
other can communicate without prearrangement.
That's not banking. Banks and their clients already have a trusted
relationship. The banks webmail interface
On Tue, 13 Feb 2007, Anne Lynn Wheeler wrote:
| ...part of the problem was that the PKI financial model is out of
| kilter with standard business practices. nominally a relying party has
| some sort of relationship with the certification authority (i.e. what
| they are relying on) and there is
your
own money is at stake if you vouch for someone untrustworthy, you
can't just go hand certs out to anyone who shows up at your door.
re:
http://www.garlic.com/~lynn/aadsm26.htm#32 Failure of PKI in message
http://www.garlic.com/~lynn/aadsm26.htm#33 Failure of PKI in messaging ...
addenda
note
* James A. Donald:
Obviously financial institutions should sign their
messages to their customers, to prevent phishing. The
only such signatures I have ever seen use gpg and come
from niche players.
Deutsche Postbank uses S/MIME, and they are anything but a niche
player. It doesn't help
Ivan Krstić wrote:
This is, in my experience, exactly right. I'm trying
to take some steps for the better on the OLPC: all
e-mails and IMs will be signed transparently and by
default, with the possibility of being encrypted by
default in countries where it's not a problem. This'll
help with
Ed Gerck wrote:
I am using this insight in a secure email solution that provides
just that -- a reference point that the user trusts, both sending
and receiving email. Without such reference point, the user can
easily fall prey to con games. Trust begins as self-trust. Anyone
interested in
| Banks [use] a web interface, after the user logs in to their account.
|
| So, what's missing in the email PKI model is two-sidedness.
| Fairness.
|
| Not really. What's missing is, if you'll pardon the phrase, a central
| point of failure.
|
| If you can persuade everyone to use a single
On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
Meanwhile, the next generation of users is growing up on the immediacy
of IM and text messaging. Mail is ... so 20th century.
Well, you certainly don't want to use email when coordinating a place to
meet in the next 10-15
On Thu, Feb 15, 2007 at 11:36:35AM -0500, Victor Duchovni wrote:
On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
Meanwhile, the next generation of users is growing up on the immediacy
of IM and text messaging. Mail is ... so 20th century.
Well, you certainly don't want to
Leichter, Jerry wrote:
On the other hand, the push/pull combination of spam and IM/SMS are well
on their way to killing Internet mail.
Video killed the radio star? I'm an IM partisan, but even I have given
up on trying to kill off email.
Meanwhile, the next generation of users is
Suppose we have a messaging service that, like Yahoo, is
also a single signon service, ...
Then you just change the attack model.
There are a bunch of sites that do various things with your address
book ranging from the toxic Plaxo which slurps it up and sends spam to
everyone in it masquerading
--
John Levine wrote:
What's missing is, if you'll pardon the phrase, a
central point of failure.
If you can persuade everyone to use a single system,
it's not hard to make communication adequately secure.
But there is a central point. ICANN is responsible for
internet names and
--
Ed Gerck wrote:
That's not banking. Banks and their clients already
have a trusted relationship. The banks webmail
interface leverages this to provide a trust reference
that the user can easily verify (yes, this is my name
and balance). That's why it works, and that's what is
missing
James A. Donald wrote:
Ed Gerck wrote:
I am using this insight in a secure email solution that provides
just that -- a reference point that the user trusts, both sending
and receiving email. Without such reference point, the user can
easily fall prey to con games. Trust begins as self-trust.
If you can persuade everyone to use a single system,
it's not hard to make communication adequately secure.
...
You are making the Katrina reaction we need someone in
charge. ...
Oh, not at all. I guess I wasn't clear. To the extent that people use
a single system it can be secure, but
Steven M. Bellovin wrote:
On Mon, 12 Feb 2007 17:03:32 -0500
Matt Blaze [EMAIL PROTECTED] wrote:
I'm all for email encryption and signatures, but I don't see
how this would help against today's phishing attacks very much,
at least not without a much better trust management interface on
email
Ian G wrote:
Steven M. Bellovin wrote:
On Mon, 12 Feb 2007 17:03:32 -0500
Matt Blaze [EMAIL PROTECTED] wrote:
I'm all for email encryption and signatures, but I don't see
how this would help against today's phishing attacks very much,
at least not without a much better trust management
Ian G wrote:
Actually, there are many problems. If you ask the low-level crypto
guys, they say that the HI is the problem. If you ask the HI guys, they
say that the PKI concept is the problem. If you ask the PKI people,
they say the users are not playing the game, and if you ask the users
Ian G wrote:
Actually, there are many problems. If you ask the low-level crypto
guys, they say that the HI is the problem. If you ask the HI guys, they
say that the PKI concept is the problem. If you ask the PKI people,
they say the users are not playing the game, and if you ask the users
The solution is simpler than it seems.
Let's first look at one scenario that is already working
and use it as an example to show how the email scenario
may work.
Banks are already, and securely, sending and receiving
online messages to/from their clients. This is done by
a web interface, after
--
Obviously financial institutions should sign their
messages to their customers, to prevent phishing. The
only such signatures I have ever seen use gpg and come
from niche players.
I have heard that the reason no one signs using PKI is
that lots of email clients throw up panic dialogs
I'm all for email encryption and signatures, but I don't see
how this would help against today's phishing attacks very much,
at least not without a much better trust management interface on
email clients (of a kind much better than currently exists
in web browsers).
Otherwise the phishers could
On Mon, 12 Feb 2007 17:03:32 -0500
Matt Blaze [EMAIL PROTECTED] wrote:
I'm all for email encryption and signatures, but I don't see
how this would help against today's phishing attacks very much,
at least not without a much better trust management interface on
email clients (of a kind much
27 matches
Mail list logo