X.509 / PKI, PGP, and IBE Secure Email Technologies
James A. Donald
jamesd at echeque.com
Sun Dec 11 10:48:23 EST 2005
--
James A. Donald wrote:
> > However, the main point of attack is phishing, when
> > an outsider attempts to interpose himself, the man
> > in the middle, into an existing relationship between
> > two people that know and trust each other.
Anne & Lynn Wheeler <lynn at garlic.com>
> in the traditional, ongoing relationship scenario,
> relying parties directly record authentication
> information of the parties they are dealing with. if a
> relying party were to directly record the public key
> of the people they are communicating with ... it is
> the trusting of that public key and the validating of
> associated public key operations that provide for the
> countermeasure for man-in-the-middle attacks and
> phishing attacks.
This was the scenario envisaged when PKI was created,
but I don't see it happening, and in fact attempting to
do so using existing user interfaces is painful. They
don't seem designed to do this.
My product, Crypto Kong, http://echeque.com/Kong was
designed to directly support this scenario in a more
convenient fashion - it keeps a database of past
communications and their associated keys, but there did
not seem to be a lot of interest. I could have made it
more useful, given it more capabilities, but I felt I
was missing the point.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
4ostZwIWJbNX6/eRYYX4QMLG5GGNUaPJao5ZKKGB
4Bt20kCp2fkd6wgjBDjYMz5ZqUEnTYL4O3aTalDOB
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
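The thread above describes a relying party directly recording the public keys of the people it corresponds with, and checking later messages against that record. The following is an added example of that check, not code from the original post or from Crypto Kong. The class name, verdict strings, table layout and sample keys are assumptions made for illustration, and signature verification is assumed to have already succeeded before `check` is called.

```python
import hashlib
import sqlite3

class KeyContinuityStore:
    """Remembers the key first seen for each correspondent (hypothetical design)."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS peers "
                        "(address TEXT PRIMARY KEY, name TEXT, fingerprint TEXT)")

    def check(self, name, address, public_key):
        """Classify a message whose signature already verified under public_key."""
        fp = hashlib.sha256(public_key).hexdigest()
        address = address.strip().lower()
        row = self.db.execute("SELECT fingerprint FROM peers WHERE address = ?",
                              (address,)).fetchone()
        if row is not None:
            # Known address: the key must be the one recorded earlier.
            return "KNOWN" if row[0] == fp else "KEY_CHANGED"
        # Unrecorded address: is it borrowing the display name of a recorded
        # peer while presenting a different key?
        clash = self.db.execute(
            "SELECT 1 FROM peers WHERE lower(name) = lower(?) AND fingerprint != ?",
            (name, fp)).fetchone()
        if clash:
            return "NAME_REUSED"  # not recorded; the user has to decide
        self.db.execute("INSERT INTO peers VALUES (?, ?, ?)", (address, name, fp))
        self.db.commit()
        return "FIRST_CONTACT"

def demo():
    # Constructed sample data: opaque byte strings stand in for real public keys.
    store = KeyContinuityStore()
    real_key, other_key = b"constructed-key-A", b"constructed-key-B"
    return [
        store.check("Alice Example", "alice@example.org", real_key),   # first message
        store.check("Alice Example", "alice@example.org", real_key),   # same key again
        store.check("Alice Example", "alice@example.org", other_key),  # key differs
        store.check("Alice Example", "alice@examp1e.org", other_key),  # lookalike address
    ]

if __name__ == "__main__":
    print(demo())
```

Only the first contact rests on trust in the key as presented; every later message is judged against the recorded key rather than against a certificate chain.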