Steven M. Bellovin wrote:
On Mon, 12 Feb 2007 17:03:32 -0500
Matt Blaze <[EMAIL PROTECTED]> wrote:
I'm all for email encryption and signatures, but I don't see
how this would help against today's phishing attacks very much,
at least not without a much better trust management interface on
email clients (of a kind much better than currently exists
in web browsers).
Otherwise the phishers could just sign their email messages with
valid, certified email keys (that don't belong to the bank)
the same way their decoy web traffic is sometimes signed with
valid, certified SSL keys (that don't belong to the bank).
And even if this problem were solved, most customers still
wouldn't know not to trust unsigned messages purporting
to be from their bank.
Precisely. The real problem is the human interface, where we're asking
people to suddenly notice the absence of something they're not used to
seeing in the first place.
Actually, there are many problems. If you ask the low-level
crypto guys, they say that the HI is the problem. If you
ask the HI guys, they say that the PKI concept is the
problem. If you ask the PKI people, they say the users are
not playing the game, and if you ask the users they say the
deployment is broken ... Everyone has got someone else to
blame.
They are all right, in some sense. The PKI concepts need
loosening up, emails should be digsig'd for authentication
(**), and the HI should start to look at what those digsigs
could be used for.
But, until someone breaks the deadly embrace, nothing is
going to happen. That's what James is alluding to: what
part can we fix, and will it help the others to move?
iang
** I didn't say digital signing ... that's another problem
that needs fixing before it is safe to use, from the "ask
the lawyers" basket.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]