X.509 / PKI, PGP, and IBE Secure Email Technologies

James A. Donald jamesd at echeque.com
Sun Dec 11 10:48:23 EST 2005


    --
James A. Donald wrote:
> > However, the main point of attack is phishing, when
> > an outsider attempts to interpose himself, the man
> > in the middle, into an existing relationship between
> > two people that know and trust each other.

Anne & Lynn Wheeler <lynn at garlic.com>
> in the traditional, ongoing relationship scenario,
> relying parties directly record authentication
> information of the parties they are dealing with. if a
> relying party were to directly record the public key
> of the people they are communicating with ... it is
> the trusting of that public key and the validating of
> associated public key operations that provide for the
> countermeasure for man-in-the-middle attacks and
> phishing attacks.

This was the scenario envisaged when PKI was created,
but I don't see it happening, and in fact attempting to
do so using existing user interfaces is painful.  They
don't seem designed to do this.

My product, Crypto Kong, http://echeque.com/Kong was
designed to directly support this scenario in a more
convenient fashion - it keeps a database of past
communications and their associated keys, but there did
not seem to be a lot of interest.   I could have made it
more useful, given it more capabilities, but I felt I
was missing the point 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     4ostZwIWJbNX6/eRYYX4QMLG5GGNUaPJao5ZKKGB
     4Bt20kCp2fkd6wgjBDjYMz5ZqUEnTYL4O3aTalDOB



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list