James A. Donald wrote:
I was unaware of this. So I googled for DNSSEC. Reading
the DNSSEC documents I found
: :In order to support the larger DNS message
: :sizes that result from adding the DNSSEC RRs,
: :DNSSEC also requires EDNS0 support ([RFC
: :671]).
and
: :its
James A. Donald wrote:
In an organization with hundreds of administrators
managing tens of thousands of machines, what goes wrong
with trusting your key store? And who administers
Kerberos? Don't they have a problem with tens of
thousands of machines?
the original pk-init draft for kerberos
--
Jeffrey Altman wrote:
Unfortunately, SRP is not the solution to the phishing
problem. The phishing problem is made up of many
subtle sub-problems involving the ease of spoofing a
web site and the challenges involved in securing the
enrollment and password change mechanisms.
With SRP,
--
Lance James wrote:
Here's where SRP fails:
1) SSL is built into the browser - doesn't stop
phishers
SSL protects true names, SRP protects true
relationships. Protecting true names turned out to be
not very useful.
Hi, we're having a problem with your account system
as our SRP
* Ka-Ping Yee:
Passpet's strategy is to customize a button that you click. We
are used to recognizing toolbar buttons by their appearance, so
it seems plausible that if the button has a custom per-user icon,
users are unlikely to click on a spoofed button with the wrong
icon. Unlike other
* Anne Lynn Wheeler:
Florian Weimer wrote:
If you've deployed two-factor authentication (like German banks did in
the late 80s/early 90s), the relevant attacks do involve compromised
customer PCs. 8-( Just because you can't solve it with your technology
doesn't mean you can pretend the
On Thu, 1 Jun 2006, Jeffrey Altman wrote:
Solving the phishing problem requires changes on many levels:
I agree.
(1) Some form of secure chrome for browsers must be deployed where
the security either comes from a trusted desktop or by per-user
customizations that significantly
Florian Weimer wrote:
FINREAD is really interesting. I've finally managed to browse the
specs, and it looks as if this platform can be used to build something
that is secure against compromised hosts. However, I fear that the
support costs are too high, and that's why it hasn't caught on in
Anne Lynn Wheeler wrote:
if they can build a $100 PC ... you think that they could build a
finread terminal for a couple bucks. sometimes there are issues with
volume pricing ... you price high because there isn't a volume and there
isn't a volume because you price high.
re: