Andy Steingruebl <[email protected]> writes:

>Got a prioritized list? I'll tell you what I'm doing about them. Quite
>seriously actually...

See my off-list reply (it's my earlier ref to the EuroPKI talk again :-), I'll post the slides next week when I've done the talk.

>Actually, figuring out whether your solution will actually work is an
>experiment right? We can't know in advance for all of them, and we can't even
>always A/B test things.

Sure, figuring out whether it'll actually work is an experiment. OTOH we have vast masses of data on what phishers are doing, so while we can't easily tell what will work, we can tell fairly easily what won't work. If it doesn't address anything that phishers are doing then we know, without even bothering to deploy it, that it'll have no effect. We can then concentrate defences in those areas where the bad guys are actually attacking. It's quite possible that some of those will be remarkably effective, but at the moment we don't know because browsers do nothing to protect users apart from trusting in browser PKI [0], one of the things we already know doesn't work because it doesn't address anything that phishers are exploiting.

Peter.

[0] I'm not counting site blacklists in this, since they're mostly pointless.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
