Florian Weimer wrote: > * Nicholas Bohm: > > >>[EMAIL PROTECTED] wrote: >> >>>You know, I'd wonder how many people on this >>>list use or have used online banking. >>> >>>To start the ball rolling, I have not and won't. >>> >>>--dan >> >>I do. >> >>My bank provides an RSA SecureId, so I feel reasonably safe against >>anyone other than the bank. > > > But it's just a token measure. You should be afraid of your own > computer, your own network. SecureID does not authenticate the server > you're going to send your data to. It does not detect if your > computer is compromised. > > Sure, right now, it might help you personally, but once these simple > tokens gain market share, attackers will adjust. It's not a general > solution.
I accept all that. I hope, not too confidently, that before the attackers adjust enough, banks will start giving their customers FINREAD type secure-signature-creation devices of decent provenance whose security does not rely on non-compromise of my PC or network. Nicholas Bohm -- Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK Phone 01279 871272 (+44 1279 871272) Fax 020 7788 2198 (+44 20 7788 2198) Mobile 07715 419728 (+44 7715 419728) PGP public key ID: 0x899DD7FF. Fingerprint: 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]