Anne & Lynn Wheeler wrote:
> a more sensible human factors design ... is to remember whether a person
> has checked out first time communication with a stranger ... the real
> first time, have the person do something additional ... and from then on
> remember that checking. in that respect ... creating a dependency on the
> user to repeatedly check a field that changes possibly thousands of
> times per day is extremely poor human factors security design.

This is the SSH design for host keys, of course, and also the petnames
design for URLs. Unfortunately petnames don't solve the problem that it
is hard to check the URL even the first time.




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
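
The remember-the-first-check design discussed in this message (the SSH host key model), as an added example that is not part of the original post. `PinStore`, `confirm_first_use`, and the sample hosts and keys are constructed for illustration; a real client would persist the pins.

```python
import hashlib
import hmac


class PinStore:
    """Trust-on-first-use store: host -> SHA-256 fingerprint of its public key."""

    def __init__(self):
        self._pins = {}  # in-memory for the example (assumption)

    @staticmethod
    def fingerprint(key_bytes: bytes) -> str:
        return hashlib.sha256(key_bytes).hexdigest()

    def check(self, host: str, key_bytes: bytes, confirm_first_use) -> str:
        """Return 'pinned', 'rejected', 'known' or 'changed'."""
        host = host.strip().lower().rstrip(".")  # one pin per canonical name
        fp = self.fingerprint(key_bytes)
        pinned = self._pins.get(host)
        if pinned is None:
            # Real first contact: the only point where the user does extra work.
            if not confirm_first_use(host, fp):
                return "rejected"
            self._pins[host] = fp
            return "pinned"
        if hmac.compare_digest(pinned, fp):
            return "known"    # silent: nothing for the user to re-check
        return "changed"      # fail closed; the old pin is never overwritten


def demo():
    store = PinStore()
    prompts = []

    def confirm(host, fp):
        prompts.append(host)  # stands in for an out-of-band fingerprint check
        return True

    key_a = b"constructed-sample-key-A"  # constructed sample key material
    key_b = b"constructed-sample-key-B"
    results = [
        store.check("Example.test", key_a, confirm),   # first contact
        store.check("example.test.", key_a, confirm),  # same host, same key
        store.check("example.test", key_b, confirm),   # key changed
        store.check("example.test", key_a, confirm),   # original pin intact
    ]
    return results, prompts
```

The user is prompted once per host; every later connection is either silent or a hard failure, so no field has to be re-read on each visit.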

