Adam Fields wrote:
Moreover, in my experience (as I've mentioned before on this list),
noticing an invalid certificate is absolutely useless if the banks
won't verify via another channel a) that it changed, b) what the new
value is or c) what the old value is.

I've tried. They won't/can't.

one might claim then that a solution is to go to a PGP-like repository of trusted public keys (in addition to and/or in conjunction of typical browser repostiory of trusted certification authority public keys). the URL & public key are loaded into the repository and some out-of-band process is used to establish the "trust" level of the information ... and you are involving the end-user in the trust establishment process.

For convenience ... enable this from bookmark and end-user clicks on trusted URLs. then rather than browser using webserver supplied certificate as part of SSL process, the browser uses the onfile trusted public key for that URL.
http://www.garlic.com/~lynn/subpubkey.html#certless

a threat is social-engineering can convince some number of naive users to do just about anything ... including things like updating a trusted public key repository ... and clicking on email obfuscated URLs (what the email claims to be the URL ... in unrelated to what the URL actually is). a major problem is that a large percentage of the population seems to be extremely naive about trust.

some large amount of the skimming and harvesting related fraud is because of existing authentication paradigms that make extensive use of static data and shared-secrets
http://www.garlic.com/~lynn/subpubkey.html#secrets

a countermeasure could be public key and digital signature verification based authentication. extensive use of file-based private keys make them vulnerable to harvesting by viruses ... but also vulnerable to social engineering attacks getting naive users to divulge contents of private key files.

a countermeasure might be hardware tokens where the private key can't be divulged ... even by the token owner. however, social engineering attacks can still get naive users to perform fraudulent transactions on behalf of crooks (even in hardware token based infrastructures). however, the percentage of the population vulnerabile to such attacks might go down as complexity of the social engineering and/or the awareness of the user population goes up.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to