On 26 May 2005 at 11:24, Ed Gerck wrote:
> A better solution, along the same lines, would have 
> been for Citibank to ask from their account holders 
> when they login for Internet banking, whether they 
> would like to set up a three- or four-character 
> combination to be used in all emails from the bank to 
> the account holder. This combination would not be 
> static, because it could be changed by the user at 
> will, and would not identify the user in any other 
> way.

An even better solution would be if email clients 
silently did key continuity checking on a signature 
hidden in the email headers, if such a header is 
present, and then popped up an SSH style dialog if an 
accustomed key is absent or changed.

With bank web sites, experience has shown that only 0.3% 
of users are deterred by an invalid certificate, 
probably because very few users have any idea what a 
certificate authority is, what it does, or why they 
should care.  (And if you have seen the experts debating 
what a certificate authority is and what it certifies, 
chances are that those few who think they know are 

Do we have any comparable experience on SSH logins? 
Existing SSH uses tend to be geek oriented, and do not 
secure stuff that is under heavy attack.  Does anyone 
have any examples of SSH securing something that was 
valuable to the user, under attack, and then the key 
changed without warning?  How then did the users react? 

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to