[Cryptography] [cryptography] Secure universal message addressing
John Levine
johnl at iecc.com
Tue Apr 19 17:57:47 EDT 2016
In article <CAAt2M1_WG0TfXd==E2QtuB57xaPrby+0X3U0ahdwC+hpCa3w6w at mail.gmail.com> you write:
>On 19 Apr 2016 19:28, "John Levine" <johnl at iecc.com> wrote:
>>
>> That's not really securely communicating with someone you've never had
>> contact with before. There's a whole non-crypto issue of how you
>> recognize bogus transactions inserted into a stream of legit ones.
>
>Why can't it be rephrased as a crypto problem? That means we have a large
>stream of transactions where a total lack of history / provenance is normal.

Typically because the crook has access to the same credentials that the
legitimate users do.

>Why aren't we verifiably tracking the path of all such critical data and of
>who create and approve what transactions?

Because, in this case, there was malware at the endpoint, inside the
security perimeter.

The way this was caught, preventing about 90% of the attempted
transactions, was an ordinary non-crypto check when they misspelled
one of the recipients' names.

R's,
John