[Cryptography] Encryption opinion
Guido Witmond
guido at witmond.nl
Mon Aug 25 15:10:51 EDT 2014
On 08/25/14 13:32, Stephan Neuhaus wrote:
>
> I'm not sure. It's very hard (at least NOW it's very hard) to come up
> with a way to tell users that a site is probably a phishing site without
> confusing them even more than they already are.
It doesn't have to be.
> Again, I'm on the same page as you, so I'm not going to "explain that"
> :-) In my original post I merely pointed out that crypto won't stop Eve
> from dressing up as Bob while still showing credentials that say
> correctly that she's Eve.
Yes it can!
1. Take the user out of the validation path.
2. Let the computer decide who is genuine and who's LLB (Looking like Bob).
Here's my attempt:
http://eccentric-authentication.org/Icann-talk-phishing-protection-4.pdf
Cheers, Guido Witmond.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140825/08cbc191/attachment.sig>
More information about the cryptography
mailing list