But from your point, the codeword would be in the clear as well.
Respectively speaking, I don't see how either solution would solve this.
Ed Gerck wrote:
List,
In an effort to stop phishing emails, Citibank is including in a plaintext
email the full name of the account holder and the last
Suppose you choose A4RT as your codeword. The codeword has no privacy concern
(it does not identify you) and is dynamic -- you can change it at will, if you
suspect someone else got it.
Compare with the other two identifiers that Citibank is using. Your full name
is private and static. The ATM's
http://online.wsj.com/article_print/0,,SB111714148789244402,00.html
The Wall Street Journal
? May 27, 2005
PAGE ONE
The Secret Passages
In CIA's Backyard
Draw Mystery Lovers
'Da Vinci Code' Has Many
Trying to Decipher Secret
Of the Kryptos Sculpture
By JOHN D. MCKINNON
Staff Reporter of
On May 26, 2005, at 13:24, Ed Gerck wrote:
A better solution, along the same lines, would have been for Citibank
to
ask from their account holders when they login for Internet banking,
whether they would like to set up a three- or four-character
combination
to be used in all emails from the
Wells Fargo reported to me some time ago that they tried using digitally
signed S/MIME email messages and it did not work even for their _own employees_.
Also, in an effort to make their certs more valuable, CAs have made digitally
signed messages imply too much -- much more than they warrant or
--
On 26 May 2005 at 11:24, Ed Gerck wrote:
A better solution, along the same lines, would have
been for Citibank to ask from their account holders
when they login for Internet banking, whether they
would like to set up a three- or four-character
combination to be used in all emails
Yes but the other context from the related group of blog postings, is
Kim Cameron's (microsoft) laws of identity [1] that this comment is
made in the context of.
It is relatively hard to see how one could implement an identity
system meeting the stated laws without involving blind signatures of
Possibly the most visible Trojan attack was just exposed by the Israeli
police. The Trojan was written (apparently) by an Israeli programmer,
living in Europe in the last few years. It was planted in many Israeli
companies, such as the major cellular companies. There were conflicting
reports