Using crypto against Phishing, Spoofing and Spamming...

[Amir Herzberg]

Following some of our discussions on this list, I tried to think more 
seriously on how crypto could be used for the basic current security 
threats of spoofing, phishing and spamming. Preliminary write-ups of the 
results are available in the following (or from my homepage):

# Protecting (even) Naïve Web Users, or: Preventing Spoofing and 
Establishing Credentials of Web Sites, at 
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF

# Controlling Spam by Secure Internet Content Selection, at 
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spam.pdf

I believe many of you will find some interest in (criticizing?) the new 
ideas and proposals, and I'll be very grateful for any feedback; the 
works already benefited a lot from some discussions on this list, 
including some of you who asked me essentially to `write up your ideas`.

I am also very interested in working with potential implementors; I am 
already working on implementations with students, but, additional and 
potentially more experienced developers may help us turn some of these 
ideas into reality.

BTW, I'm already using the anti-spamming mechanism (trusted logo and 
credentials area) we developed for Mozilla, and it works great; I hope 
we'll feel soon confident enough with the code so we'll be able to put 
it in the public domain. Experienced Mozilla developers who will be 
willing to help test and evaluate the code are invited to contact me.

-- 
Best regards,

Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://AmirHerzberg.com (information and lectures in cryptography & 
security)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com