Guus Sliepen wrote:
> On Thu, Feb 15, 2007 at 02:47:05PM -0800, Ed Gerck wrote:
>
>> Zmail actually reduces the amount of trust by not storing your usercode,
>> password, or keys anywhere. This makes sense for zmail, and is an incentive
>> to actually do it, to reduce risk -- anyone breaking into
On Thu, Feb 15, 2007 at 02:47:05PM -0800, Ed Gerck wrote:
> Zmail actually reduces the amount of trust by not storing your usercode,
> password, or keys anywhere. This makes sense for zmail, and is an incentive
> to actually do it, to reduce risk -- anyone breaking into any zmail server,
> even ph
John Levine wrote:
It doesn't do anything about the obvious attack path of phishing
credentials from the users to stick bogus trusted entries into their
accounts. My examples showed all sorts of benign looking situations
in which users provide their credentials to parties of unknown
identity or
Leichter, Jerry wrote:
> I think the whole notion of decentralizing *everything* has turned out
> to be a trap. Yes, it makes for great cryptography and system design to
> find ways to do without a trusted third party. But the resulting
> systems just don't fit the way people think and work. Tr
--
> > My proposal closes off the major attack path
John Levine wrote:
> It doesn't do anything about the obvious attack path
> of phishing credentials from the users to stick bogus
> trusted entries into their accounts.
Actually it does. Think about it.
> My examples showed all sorts of b
--
John Levine wrote:
> To the extent that people use a single system it can
> be secure, but that doesn't scale.
Globally unique true names do not scale. Relationships
scale.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
k7PJ8x72+ICYQ50DNQkc2sM
> >> Suppose we have a messaging service that, like Yahoo,
> >> is also a single signon service, ...
>
> John Levine wrote:
> > Then you just change the attack model.
>My proposal closes off the major attack path, and leaves the trojan
>and virus attack path wide open.
It doesn't do anything abo
--
>> Suppose we have a messaging service that, like Yahoo,
>> is also a single signon service, ...
John Levine wrote:
> Then you just change the attack model.
My proposal closes off the major attack path, and leaves
the trojan and virus attack path wide open.
But I have not had a trojan o
> > If you can persuade everyone to use a single system,
> > it's not hard to make communication adequately secure.
> ...
>You are making the Katrina reaction "we need someone in
>charge". ...
Oh, not at all. I guess I wasn't clear. To the extent that people use
a single system it can be secure,
James A. Donald wrote:
> Ed Gerck wrote:
>> I am using this insight in a secure email solution that provides
>> just that -- a reference point that the user trusts, both sending
>> and receiving email. Without such reference point, the user can
>> easily fall prey to con games. Trust begins as "sel
--
Ed Gerck wrote:
> That's not banking. Banks and their clients already
> have a trusted relationship. The bank's webmail
> interface leverages this to provide a trust reference
> that the user can easily verify (yes, this is my name
> and balance). That's why it works, and that's what is
> mi
--
John Levine wrote:
> What's missing is, if you'll pardon the phrase, a
> central point of failure.
>
> If you can persuade everyone to use a single system,
> it's not hard to make communication adequately secure.
But there is a central point. ICANN is responsible for
internet names and nu
>Suppose we have a messaging service that, like Yahoo, is
>also a single signon service, ...
Then you just change the attack model.
There are a bunch of sites that do various things with your address
book ranging from the toxic Plaxo which slurps it up and sends spam to
everyone in it masqueradin
Leichter, Jerry wrote:
On the other hand, the push/pull combination of spam and IM/SMS are well
on their way to killing Internet mail.
Video killed the radio star? I'm an IM partisan, but even I have given
up on trying to kill off email.
Meanwhile, the next generation of users is growing
On Thu, Feb 15, 2007 at 11:36:35AM -0500, Victor Duchovni wrote:
> On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
> > Meanwhile, the next generation of users is growing up on the immediacy
> > of IM and text messaging. Mail is ... so 20th century.
>
> Well, you certainly don't w
On Thu, Feb 15, 2007 at 11:36:35AM -0500, Victor Duchovni wrote:
> On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
>
> > Meanwhile, the next generation of users is growing up on the immediacy
> > of IM and text messaging. Mail is ... so 20th century.
>
> Well, you certainly don
On Thu, Feb 15, 2007 at 10:10:21AM -0500, Leichter, Jerry wrote:
> Meanwhile, the next generation of users is growing up on the immediacy
> of IM and text messaging. Mail is ... so 20th century.
Well, you certainly don't want to use email when coordinating a place to
meet in the next 10-15 minut
| >Banks [use] a web interface, after the user logs in to their account.
|
| >So, what's missing in the email PKI model is two-sidedness.
| >Fairness.
|
| Not really. What's missing is, if you'll pardon the phrase, a central
| point of failure.
|
| If you can persuade everyone to use a single s
Ed Gerck wrote:
I am using this insight in a secure email solution that provides
just that -- a reference point that the user trusts, both sending
and receiving email. Without such reference point, the user can
easily fall prey to con games. Trust begins as "self-trust". Anyone
interested in tryi
Ivan Krstić wrote:
> This is, in my experience, exactly right. I'm trying
> to take some steps for the better on the OLPC: all
> e-mails and IMs will be signed transparently and by
> default, with the possibility of being encrypted by
> default in countries where it's not a problem. This'll
> help
* James A. Donald:
> Obviously financial institutions should sign their
> messages to their customers, to prevent phishing. The
> only such signatures I have ever seen use gpg and come
> from niche players.
Deutsche Postbank uses S/MIME, and they are anything but a niche
player. It doesn't help
at side in some cases. But, unlike the case today, since your
own money is at stake if you vouch for someone untrustworthy, you
can't just go hand certs out to anyone who shows up at your door.
re:
http://www.garlic.com/~lynn/aadsm26.htm#32 Failure of PKI in message
http://www.garlic.com/~lynn/
On Tue, 13 Feb 2007, Anne & Lynn Wheeler wrote:
| ...part of the problem was that the PKI financial model is out of
| kilter with standard business practices. nominally a relying party has
| some sort of relationship with the certification authority (i.e. what
| they are relying on) and there is ex
John Levine wrote:
> The great thing about Internet e-mail is that
> vast numbers of different mail systems that do not know or trust each
> other can communicate without prearrangement.
That's not banking. Banks and their clients already have a trusted
relationship. The bank's webmail interface
>Banks [use] a web interface, after the user logs in to their account.
>So, what's missing in the email PKI model is two-sidedness.
>Fairness.
Not really. What's missing is, if you'll pardon the phrase, a central
point of failure.
If you can persuade everyone to use a single system, it's not ha
The solution is simpler than it seems.
Let's first look at one scenario that is already working
and use it as an example to show how the email scenario
may work.
Banks are already, and securely, sending and receiving
online messages to/from their clients. This is done by
a web interface, after t
Ian G wrote:
> Actually, there are many problems. If you ask the low-level crypto
> guys, they say that the HI is the problem. If you ask the HI guys, they
> say that the PKI concept is the problem. If you ask the PKI people,
> they say the users are not playing the game, and if you ask the user
re:
http://www.garlic.com/~lynn/aadsm26.htm#32 Failure of PKI in messaging
another way of looking at the issue is somewhat alluded to in this blog post
http://www.garlic.com/~lynn/aadsm26.htm#1 Extended Validation - setting the
minimum liability, the CA trap, the market in browser governance
Ian G wrote:
Actually, there are many problems. If you ask the low-level crypto
guys, they say that the HI is the problem. If you ask the HI guys, they
say that the PKI concept is the problem. If you ask the PKI people,
they say the users are not playing the game, and if you ask the users
t
Ian G wrote:
> Steven M. Bellovin wrote:
>> On Mon, 12 Feb 2007 17:03:32 -0500
>> Matt Blaze <[EMAIL PROTECTED]> wrote:
>>
>>> I'm all for email encryption and signatures, but I don't see
>>> how this would help against today's phishing attacks very much,
>>> at least not without a much better trus
Steven M. Bellovin wrote:
On Mon, 12 Feb 2007 17:03:32 -0500
Matt Blaze <[EMAIL PROTECTED]> wrote:
I'm all for email encryption and signatures, but I don't see
how this would help against today's phishing attacks very much,
at least not without a much better trust management interface on
email
On Mon, 12 Feb 2007 17:03:32 -0500
Matt Blaze <[EMAIL PROTECTED]> wrote:
> I'm all for email encryption and signatures, but I don't see
> how this would help against today's phishing attacks very much,
> at least not without a much better trust management interface on
> email clients (of a kind mu
I'm all for email encryption and signatures, but I don't see
how this would help against today's phishing attacks very much,
at least not without a much better trust management interface on
email clients (of a kind much better than currently exists
in web browsers).
Otherwise the phishers could j
--
Obviously financial institutions should sign their
messages to their customers, to prevent phishing. The
only such signatures I have ever seen use gpg and come
from niche players.
I have heard that the reason no one signs using PKI is
that lots of email clients throw up panic dialogs whe
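The two points above, Matt Blaze's that a phisher can simply sign their own mail and James A. Donald's that institutions should sign theirs, as an added example that is not part of the thread or of any poster's code. It stands in a Lamport one-time signature over SHA-256 for S/MIME or OpenPGP, purely so it runs on the standard library alone; the addresses, message bodies and the `classify` verdicts are constructed for the example. It contrasts a client that only checks "is the signature valid for the attached key" with one that checks the key against a reference the user established out of band, the "trust reference" Ed Gerck describes.

```python
"""Added example: a valid signature by itself does not stop phishing; a pinned
sender key (a trust reference established outside the mail channel) does.

Signature scheme: Lamport one-time signatures over SHA-256, used here only
because they are real and need nothing beyond the standard library. Real mail
would use S/MIME or OpenPGP. Names, addresses and messages are constructed."""
import hashlib
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(digest: bytes):
    """Yield the 256 bits of a SHA-256 digest, most significant bit first."""
    for byte in digest:
        for i in range(8):
            yield (byte >> (7 - i)) & 1


def keygen():
    """Lamport key pair: 256 pairs of secret 32-byte values and their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def sign(sk, message: bytes):
    """Reveal one preimage per digest bit. A Lamport key must sign only once."""
    return [sk[i][bit] for i, bit in enumerate(_bits(_h(message)))]


def verify(pk, message: bytes, sig) -> bool:
    """True iff every revealed preimage hashes to the public value for that bit."""
    if len(sig) != 256:
        return False
    return all(_h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(_h(message))))


def fingerprint(pk) -> str:
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()


def classify(mail: dict, pinned: dict) -> str:
    """Verdict a mail client could show.

    mail   = {"from": str, "body": bytes, "pk": public key, "sig": signature}
    pinned = {sender address: fingerprint of the key learned out of band,
              e.g. during enrolment, never from an incoming mail}
    """
    if not verify(mail["pk"], mail["body"], mail["sig"]):
        return "BAD SIGNATURE"
    expected = pinned.get(mail["from"])
    if expected is None:
        return "VALID SIGNATURE, UNKNOWN SENDER"
    if expected != fingerprint(mail["pk"]):
        return "VALID SIGNATURE, KEY DOES NOT MATCH RECORD FOR SENDER"
    return "VALID SIGNATURE FROM KNOWN SENDER"


def demo():
    """Genuine mail, a spoofed From: with the phisher's key, and a lookalike address."""
    bank_sk, bank_pk = keygen()
    pinned = {"alerts@bank.example": fingerprint(bank_pk)}  # constructed enrolment record

    real = b"Your statement is ready; log in at https://bank.example/"
    genuine = {"from": "alerts@bank.example", "body": real,
               "pk": bank_pk, "sig": sign(bank_sk, real)}

    phish_sk, phish_pk = keygen()  # the phisher signs with a key of their own
    bait = b"Verify your account at https://bank-example.invalid/"
    spoofed = {"from": "alerts@bank.example", "body": bait,
               "pk": phish_pk, "sig": sign(phish_sk, bait)}
    lookalike = {**spoofed, "from": "alerts@bank-security.example"}

    mails = (genuine, spoofed, lookalike)
    return {
        # "is the signature valid for the key attached to the mail?" passes all three
        "naive": [verify(m["body"] and m["pk"], m["body"], m["sig"]) for m in mails],
        # checking the key against the pinned reference separates them
        "pinned": [classify(m, pinned) for m in mails],
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The naive check returns True for all three messages, which is Blaze's point: signing proves only that whoever holds the attached key wrote the text. The pinned check is what the thread calls a trust reference: the user's client knows which key belongs to the relationship, so a mail that carries a different key, or comes from an address with no relationship at all, is flagged however valid its signature is. The Lamport key is single-use, so a real deployment would use an ordinary signature scheme; only the verdict logic carries over.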