Using crypto against Phishing, Spoofing and Spamming...
Amir Herzberg
herzbea at macs.biu.ac.il
Wed Jul 7 14:10:21 EDT 2004
Florian Weimer wrote:
> * Amir Herzberg:
>
>
>># Protecting (even) Naïve Web Users, or: Preventing Spoofing and
>>Establishing Credentials of Web Sites, at
>>http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF
>
>
> The trusted credentials area is an interesting concept.
Thanks.
> However,
> experience suggests that given the current business models, we cannot
> build the required logotype registry. All registries which are used
> on the Internet (for IP address assignments, BGP prefixes, DNS names,
> and even X.509 certificates) are known to fail under stress.
I'm not sure what you mean by `logotype registry`. Such a registry
already exists (off-web), i.e. national trademark offices, e.g.
www.uspto.gov. These bodies could issue logo certificates. Or, private
companies, e.g. VeriSign, can issue logo certificates, based on the
official trademark registers; that shouldn't be hard.
As to a registry to hold these certificates - the site (e.g. bank) would
probably keep it... and many other places (this is signed i.e. not risky
to keep).
Finally, of course, until such certificates are available, we simply use
the manual binding of logos/icons/names to public keys, on the first
time you enter a secure site using a browser with our enhancement. It
works great... very convenient, and very clear (see screen shots in paper).
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)