Failure of PKI in messaging

James A. Donald jamesd at echeque.com
Mon Feb 12 16:43:07 EST 2007


      --
Obviously financial institutions should sign their
messages to their customers, to prevent phishing.  The
only such signatures I have ever seen use gpg and come
from niche players.

I have heard that the reason no one signs using PKI is
that lots of email clients throw up panic dialogs when
they get such a message, and at best they present an
opaque, incomprehensible, and useless interface.  Has
anyone done marketing studies to see why banks and
massively phished organizations do not sign their
messages to their customers?

      --digsig
           James A. Donald
       6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
       BwrcLrYHszR0syC9LdVrjxAionyxVDwbtJq8Xu2q
       4ky71ODjPeHF5TC4pnkktFaLHEOfFN4fY8JEyqnfn

---------------------------------------------------------------------
The Cryptography Mailing List