[15705] in cryptography@c2.net mail archive
Re: Using crypto against Phishing, Spoofing and Spamming...
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Thu Jul 8 10:51:27 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 07 Jul 2004 20:10:21 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Amir Herzberg <amir@herzberg.name>, cryptography@metzdowd.com
In-Reply-To: <87hdslda06.fsf@deneb.enyo.de>
This is a multi-part message in MIME format.
--------------020503010908090405010604
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Florian Weimer wrote:
> * Amir Herzberg:
>=20
>=20
>># Protecting (even) Na=EFve Web Users, or: Preventing Spoofing and
>>Establishing Credentials of Web Sites, at
>>http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials=
%20area.PDF
>=20
>=20
> The trusted credentials area is an interesting concept.=20
Thanks.
However,
> experience suggests that given the current business models, we cannot
> build the required logotype registry. All registries which are used
> on the Internet (for IP address assignments, BGP prefixes, DNS names,
> and even X.509 certificates) are known to fail under stress.
I'm not sure what you mean by `logotype registry`. Such a registry=20
already exist (off-web), i.e. national trademark offices, e.g.=20
www.uspto.gov. These bodies could issue logo certificates. Or, private=20
companies, e.g. verisign, can issue logo certificates, based on the=20
official trademark registers; that shouldn't be hard.
As to a registry to hold these certificates - the site (e.g. bank) would =
probably keep it... and many other places (this is signed i.e. not risky =
to keep).
Finally, of course, until such certificates are available, we simply use =
the manual binding of logos/icons/names to public keys, on the first=20
time you enter a secure site using a browser with our enchancement. It=20
works great... very convenient, and very clear (see screen shots in paper=
).
--=20
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &=20
security)
--------------020503010908090405010604
Content-Type: text/x-vcard; charset=utf8;
name="herzbea.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="herzbea.vcf"
begin:vcard
fn:Amir Herzberg
n:Herzberg;Amir
org:Bar Ilan University;Computer Science
adr:;;;Ramat Gan ;;52900;Israel
email;internet:herzbea@cs.biu.ac.il
title:Associate Professor
tel;work:+972-3-531-8863
tel;fax:+972-3-531-8863
x-mozilla-html:FALSE
url:http://AmirHerzberg.com
version:2.1
end:vcard
--------------020503010908090405010604--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
