Re: Failure of PKI in messaging

2007-02-15 Thread Ed Gerck
John Levine wrote: The great thing about Internet e-mail is that vast numbers of different mail systems that do not know or trust each other can communicate without prearrangement. That's not banking. Banks and their clients already have a trusted relationship. The banks webmail interface

Re: Failure of PKI in messaging

2007-02-15 Thread Leichter, Jerry
On Tue, 13 Feb 2007, Anne Lynn Wheeler wrote: | ...part of the problem was that the PKI financial model is out of | kilter with standard business practices. nominally a relying party has | some sort of relationship with the certification authority (i.e. what | they are relying on) and there is

Re: Failure of PKI in messaging

2007-02-15 Thread Anne Lynn Wheeler
Leichter, Jerry wrote: It's interesting to follow up on this idea, because it shows just how profound the problem is. Imagine starting a business that ran a PKI and did business the old way: You would charge someone *presenting* an alleged certificate for an OK. The OK would, for the fee

Re: Failure of PKI in messaging

2007-02-15 Thread Florian Weimer
* James A. Donald: Obviously financial institutions should sign their messages to their customers, to prevent phishing. The only such signatures I have ever seen use gpg and come from niche players. Deutsche Postbank uses S/MIME, and they are anything but a niche player. It doesn't help

Re: Failure of PKI in messaging

2007-02-15 Thread James A. Donald
Ivan Krstić wrote: This is, in my experience, exactly right. I'm trying to take some steps for the better on the OLPC: all e-mails and IMs will be signed transparently and by default, with the possibility of being encrypted by default in countries where it's not a problem. This'll help with

Re: Failure of PKI in messaging

2007-02-15 Thread James A. Donald
Ed Gerck wrote: I am using this insight in a secure email solution that provides just that -- a reference point that the user trusts, both sending and receiving email. Without such reference point, the user can easily fall prey to con games. Trust begins as self-trust. Anyone interested in

see also credentica announcement about U-prove (Re: IBM donates new privacy tool to open-source)

2007-02-15 Thread Adam Back
Related to this announcement, credentica.com (Stefan Brands' company) has released U-Prove, their toolkit SDK for doing limited-show, selective disclosure and other aspects of the Brands credentials. http://www.credentica.com/uprove_sdk.html (Also on Stefan's blog

Intel finally plans to add the NSA instruction

2007-02-15 Thread John Gilmore
http://www.intel.com/technology/architecture/new_instructions.htm ftp://download.intel.com/technology/architecture/new-instructions-paper.pdf Page 7 of the PDF describes the POPCNT application-targeted accelerator. John PS: They don't give much detail, but they seem to be adding a grep

Re: Failure of PKI in messaging

2007-02-15 Thread Leichter, Jerry
| Banks [use] a web interface, after the user logs in to their account. | | So, what's missing in the email PKI model is two-sidedness. | Fairness. | | Not really. What's missing is, if you'll pardon the phrase, a central | point of failure. | | If you can persuade everyone to use a single

Re: Failure of PKI in messaging

2007-02-15 Thread Victor Duchovni
On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote: Meanwhile, the next generation of users is growing up on the immediacy of IM and text messaging. Mail is ... so 20th century. Well, you certainly don't want to use email when coordinating a place to meet in the next 10-15

Re: Failure of PKI in messaging

2007-02-15 Thread Nicolas Williams
On Thu, Feb 15, 2007 at 11:36:35AM -0500, Victor Duchovni wrote: On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote: Meanwhile, the next generation of users is growing up on the immediacy of IM and text messaging. Mail is ... so 20th century. Well, you certainly don't want to

Re: Failure of PKI in messaging

2007-02-15 Thread Peter Saint-Andre
Leichter, Jerry wrote: On the other hand, the push/pull combination of spam and IM/SMS are well on their way to killing Internet mail. Video killed the radio star? I'm an IM partisan, but even I have given up on trying to kill off email. Meanwhile, the next generation of users is

Re: Failure of PKI in messaging

2007-02-15 Thread John Levine
Suppose we have a messaging service that, like Yahoo, is also a single signon service, ... Then you just change the attack model. There are a bunch of sites that do various things with your address book ranging from the toxic Plaxo which slurps it up and sends spam to everyone in it masquerading

Re: see also credentica announcement about U-prove (Re: IBM donates new privacy tool to open-source)

2007-02-15 Thread Ben Laurie
Adam Back wrote: Related to this announcement, credentica.com (Stefan Brands' company) has released U-Prove, their toolkit SDK for doing limited-show, selective disclosure and other aspects of the Brands credentials. http://www.credentica.com/uprove_sdk.html (Also on Stefan's blog

quantum computer demonstrated, maybe.

2007-02-15 Thread Perry E. Metzger
The most interesting bit of the article: And how exactly would users know that it was the quantum computer rather than a human or ordinary computer answering their queries? There's really no way to convince a skeptic who's accessing the machine remotely, Rose admits. For now,

ADMIN: end of email discussion

2007-02-15 Thread Perry E. Metzger
I'm happy to forward more messages on security and email, but the messages just on email vs. IM etc. are way off topic. Perry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Failure of PKI in messaging

2007-02-15 Thread James A. Donald
-- John Levine wrote: What's missing is, if you'll pardon the phrase, a central point of failure. If you can persuade everyone to use a single system, it's not hard to make communication adequately secure. But there is a central point. ICANN is responsible for internet names and

Re: Failure of PKI in messaging

2007-02-15 Thread James A. Donald
-- Ed Gerck wrote: That's not banking. Banks and their clients already have a trusted relationship. The banks webmail interface leverages this to provide a trust reference that the user can easily verify (yes, this is my name and balance). That's why it works, and that's what is missing

BETA solution, Re: Failure of PKI in messaging

2007-02-15 Thread Ed Gerck
James A. Donald wrote: Ed Gerck wrote: I am using this insight in a secure email solution that provides just that -- a reference point that the user trusts, both sending and receiving email. Without such reference point, the user can easily fall prey to con games. Trust begins as self-trust.

Re: Failure of PKI in messaging

2007-02-15 Thread John Levine
If you can persuade everyone to use a single system, it's not hard to make communication adequately secure. ... You are making the Katrina reaction "we need someone in charge." ... Oh, not at all. I guess I wasn't clear. To the extent that people use a single system it can be secure, but

Re: quantum computer demonstrated, maybe.

2007-02-15 Thread Saqib Ali
Another interesting piece is that even D-Wave's own Chief Executive Herb Martin says the machine isn't a real quantum computer, but is instead a kind of special-purpose machine that uses some quantum mechanics.