On 2013-01-07 9:20 AM, Peter Gutmann wrote:
> I'll update it as soon as browser PKI starts working (meaning that we have
> real evidence that it's effectively preventing the sorts of things attackers
> are doing, phishing and so on). Deal?

The fundamental cause of phishing is that it is so easy to present a
false email identity.
A phisher is typically representing himself as an entity with which you
have a login relationship.
To protect against login phishing, we need to both provide
password-authenticated key agreement
<http://en.wikipedia.org/wiki/Password-authenticated_key_agreement>, and
also provide some method whereby entities that have a login relationship
with you can communicate, and get automatically protected from spam
filtering and flagged as coming from an entity where you have a login
relationship - for example, whenever you logged in, your email client
would get information associating a public key with that login
relationship.
_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography
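
The login flow proposed in the message above, sketched as an added example (not code from the post or from any project it mentions): an SRP-6a style password-authenticated key agreement, after which the client pins the server's mail public key only if it arrives MACed under the agreed session key. The group parameters, function names and the opaque public-key bytes are assumptions for illustration; a deployment would use an RFC 5054 group and a vetted PAKE library.

```python
import hashlib, hmac, secrets

# Toy group for illustration only (assumption); real SRP uses the RFC 5054 groups.
N = 2**255 - 19
G = 2

def H(*parts):
    """Hash length-prefixed integers/bytes to an integer."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else p.to_bytes(32, "big")
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big")

K_MULT = H(N, G)

def enroll(user, password, salt):
    """The server stores only the verifier v = g^x, never the password."""
    x = H(salt, f"{user}:{password}".encode())
    return pow(G, x, N)

def login(user, typed_password, salt, server_verifier, server_pubkey):
    """Simulate both sides of one exchange; return the pinned key or None."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(G, a, N)                                   # client -> server
    b = secrets.randbelow(N - 2) + 1
    B = (K_MULT * server_verifier + pow(G, b, N)) % N  # server -> client
    u = H(A, B)
    # Server side: session key derived from the verifier it holds.
    k_srv = H(pow(A * pow(server_verifier, u, N), b, N)).to_bytes(32, "big")
    # Client side: session key derived from the password the user typed.
    x = H(salt, f"{user}:{typed_password}".encode())
    base = (B - K_MULT * pow(G, x, N)) % N
    k_cli = H(pow(base, a + u * x, N)).to_bytes(32, "big")
    # The server sends its mail public key with a MAC under the session key;
    # the client pins the key for this login relationship only if the MAC checks.
    tag = hmac.new(k_srv, server_pubkey, hashlib.sha256).digest()
    expected = hmac.new(k_cli, server_pubkey, hashlib.sha256).digest()
    return server_pubkey if hmac.compare_digest(tag, expected) else None

if __name__ == "__main__":
    salt, pk = b"constructed-salt", b"constructed-public-key-bytes"
    real = enroll("alice", "correct horse", salt)
    fake = enroll("alice", "phisher guess", salt)  # impostor lacks the real verifier
    print("real server pinned:", login("alice", "correct horse", salt, real, pk) == pk)
    print("impostor pinned:", login("alice", "correct horse", salt, fake, pk) is not None)
```

The password itself never crosses the wire, and a server that does not hold the enrolled verifier cannot produce a MAC the client will accept, so no key is pinned for it.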