--
James A. Donald wrote:
> > However, the main point of attack is phishing, when
> > an outsider attempts to interpose himself, the man
> > in the middle, into an existing relationship between
> > two people that know and trust each other.

Anne & Lynn Wheeler <[EMAIL PROTECTED]>
> in the traditional, ongoing relationship scenario,
> relying parties directly record authentication
> information of the parties they are dealing with. if a
> relying party were to directly record the public key
> of the people they are communicating with ... it is
> the trusting of that public key and the validating of
> associated public key operations that provide for the
> countermeasure for man-in-the-middle attacks and
> phishing attacks.

This was the scenario envisaged when PKI was created, but I
don't see it happening, and in fact attempting to do so
using existing user interfaces is painful. They don't seem
designed to do this.

My product, Crypto Kong, http://echeque.com/Kong was
designed to directly support this scenario in a more
convenient fashion - it keeps a database of past
communications and their associated keys, but there did not
seem to be a lot of interest. I could have made it more
useful, given it more capabilities, but I felt I was missing
the point

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     4ostZwIWJbNX6/eRYYX4QMLG5GGNUaPJao5ZKKGB
     4Bt20kCp2fkd6wgjBDjYMz5ZqUEnTYL4O3aTalDOB
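
The key-continuity check discussed in this message, as an added example (not part of the original post and not Crypto Kong's code): a relying party records the key seen on first contact and flags any later message under the same name that arrives with a different key. The table layout, the names and the sample keys are assumptions, and the caller is assumed to have already verified the message signature under the presented key.

```python
import hashlib
import sqlite3


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the raw public key bytes."""
    return hashlib.sha256(public_key).hexdigest()


class KeyBook:
    """Hypothetical relying-party record of correspondents and their keys."""

    def __init__(self, path: str = ":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS contacts ("
            "name TEXT PRIMARY KEY, fp TEXT NOT NULL, messages INTEGER NOT NULL)"
        )

    def check(self, name: str, public_key: bytes) -> str:
        """Classify a message whose signature already verified under public_key."""
        name = name.strip().lower()  # avoid a second record for a case variant
        fp = fingerprint(public_key)
        row = self.db.execute(
            "SELECT fp FROM contacts WHERE name = ?", (name,)
        ).fetchone()
        if row is None:
            # Nothing recorded yet: pin this key for the name.
            self.db.execute("INSERT INTO contacts VALUES (?, ?, 1)", (name, fp))
            self.db.commit()
            return "first-contact"
        if row[0] != fp:
            # Known name, different key: keep the old pin and warn the user.
            return "KEY-MISMATCH"
        self.db.execute(
            "UPDATE contacts SET messages = messages + 1 WHERE name = ?", (name,)
        )
        self.db.commit()
        return "known"

    def history(self, name: str) -> int:
        """Number of past messages accepted under the pinned key."""
        row = self.db.execute(
            "SELECT messages FROM contacts WHERE name = ?", (name.strip().lower(),)
        ).fetchone()
        return row[0] if row else 0
```

A "KEY-MISMATCH" result leaves the stored record unchanged, so replacing a correspondent's key stays a deliberate, out-of-band decision by the user.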