In message <[EMAIL PROTECTED]>, "James A. Donald" writes: > -- You wrote: > >2. Phishers are after shared secrets, so secure each >shared secret, and thus each relationship, with >SRP-TLS-OpenSSL This also requires that establishing a >relationship, and verifying a shared secret, should be >part of the browser chrome, rather than a particular >application of generic web forms. >
No -- what phishers are after is money. They get that today by going after shared secrets. If banks change, they'll change. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]