Failure of PKI in messaging
Ed Gerck
edgerck at nma.com
Wed Feb 14 01:10:09 EST 2007
John Levine wrote:
> The great thing about Internet e-mail is that
> vast numbers of different mail systems that do not know or trust each
> other can communicate without prearrangement.
That's not banking. Banks and their clients already have a trusted
relationship. The banks webmail interface leverages this to provide
a trust reference that the user can easily verify (yes, this is my
name and balance). That's why it works, and that's what is missing
in the bank PKI email model -- what's that relationship buying you?
Email for banks should thus leverage the relationship, rather than
present an ab initio communication.
> It's hard to see any
> successful e-mail system in the future, secure or otherwise, that
> doesn't do that, since Internet mail killed all of the closed systems
> that preceded it.
It is not true that you can't secure first communications. It is just
harder and _not_ necessary for banks (because the client already knows
the bank and vice versa).
Best,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list