Failure of PKI in messaging

Ian G iang at systemics.com
Tue Feb 13 06:37:54 EST 2007 

Steven M. Bellovin wrote:
> On Mon, 12 Feb 2007 17:03:32 -0500
> Matt Blaze <mab at crypto.com> wrote:
> 
>> I'm all for email encryption and signatures, but I don't see
>> how this would help against today's phishing attacks very much,
>> at least not without a much better trust management interface on
>> email clients (of a kind much better than currently exists
>> in web browsers).
>>
>> Otherwise the phishers could just sign their email messages with
>> valid, certified email keys (that don't belong to the bank)
>> the same way their decoy web traffic is sometimes signed with
>> valid, certified SSL keys (that don't belong to the bank).
>>
>> And even if this problem were solved, most customers still
>> wouldn't know not to trust unsigned messages purporting
>> to be from their bank.
>>
> 
> Precisely.  The real problem is the human interface, where we're asking
> people to suddenly notice the absence of something they're not used to
> seeing in the first place.


Actually, there are many problems.  If you ask the low-level 
crypto guys, they say that the HI is the problem.  If you 
ask the HI guys, they say that the PKI concept is the 
problem.  If you ask the PKI people, they say the users are 
not playing the game, and if you ask the users they say the 
deployment is broken ...  Everyone has got someone else to 
blame.

They are all right, in some sense.  The PKI concepts need 
loosening up, emails should be digsig'd for authentication 
(**), and the HI should start to look at what those digsigs 
could be used for.

But, until someone breaks the deadly embrace, nothing is 
going to happen.  That's what James is alluding to:  what 
part can we fix, and will it help the others to move?

iang

** I didn't say digital signing ... that's another problem 
that needs fixing before it is safe to use, from the "ask 
the lawyers" basket.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list