-- From: [EMAIL PROTECTED] (Peter Gutmann) > TLS-PSK fixes this problem by providing mutual > authentication of client and server as part of the key > exchange. Both sides demonstrate proof-of- possession > of the password (without actually communicating the > password), if either side fails to do this then the > TLS handshake fails. Its only downside is that it > isn't widely supported yet, it's only just been added > to OpenSSL, and who knows when it'll appear in > Windows/MSIE, Mozilla, Konqueror, Safari,
This will take out 90% of phishing spam, when widely adopted. We also need support for measures of key persistance, like trustbar, but there seems to be lot of resistance to this, for no reason I understand. In its current incarnation, trustbar takes up too damn much real estate, and requires too much manual support. We need a less obtrusive key persistance measure. Petname is less obstrusive, and requires less manual support, but still too much. The trustbar logos are the way to go, and logos of about that size are becoming a standard feature of web pages. If it could look as cool as trustbar, while needing even less manual intervention Petname .... Also petnames need to be linked to favorites. When you are on a site that is on your favorites list, you should see that it is on your favorites list. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG /RwA4zRnu4D2L0mSgGcsMv2Z3UGRcRDZnsqwkzh0 4QVXdCrfQfW0WLkPqTvEk16BxjqokNWgRWZOOTahd --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]