* James A. Donald:

> Obviously financial institutions should sign their
> messages to their customers, to prevent phishing. The
> only such signatures I have ever seen use gpg and come
> from niche players.

Deutsche Postbank uses S/MIME, and they are anything but a niche player. It doesn't help against phishing in the sense that it deters the attackers and reduces the PR impact.

> I have heard that the reason no one signs using PKI is
> that lots of email clients throw up panic dialogs when
> they get such a message, and at best they present an
> opaque, incomprehensible, and useless interface. Has
> anyone done marketing studies to see why banks and
> massively phished organizations do not sign their
> messages to their customers?

Why bother, when it's been shown it doesn't make a difference?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
