> [mailto:[EMAIL PROTECTED] On Behalf
> 1) Most sites are not targeted by phishers today, and > unlikely to be targeted in the future, so they should not be > forced to put in technology for resolving phishing. This is completely wrong. Every type of site is targetted by criminal schemes, blogs are currently targets for spam and for dropping trojans onto user machine via spyware. If I can get hold of a blogger's username and password I can install a trojan dropper onto their site. Blogger has been infested with hundreds of thousands of sites with music backgrounds provided by spyware companies. There are already extensive attacks against search engines. If you can see the searches someone has done recently you can quickly build up a picture to use in an identity theft. > 2) Currently the user has NO trusted site or client and is > easily phished. Once the user has one trusted software > system, then that system can more easily determine the > identity of other sites. In other words, the user will not > have to build up the full assurance stack with each site, the > user can leverage something they already trust to assist in > making the trust decision. The problem is not a lack of trusted sites, it is a lack of sites that are trustWORTHY. _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
