[18187] in cryptography@c2.net mail archive
Re: ID "theft" -- so what?
daemon@ATHENA.MIT.EDU (Ben Laurie)
Sun Aug 14 21:56:14 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 14 Aug 2005 16:10:02 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Ian Grigg <iang@systemics.com>
Cc: "Perry E. Metzger" <perry@piermont.com>,
cryptography@metzdowd.com, Dan Kaminsky <dan@doxpara.com>
In-Reply-To: <200507141537.09529.iang@systemics.com>
Ian Grigg wrote:
> Too many words? OK, here's the short version
> of why phising occurs:
>
> "Browsers implement SSL+PKI and SSL+PKI is
> secure so we don't need to worry about it."
>
> PKI+SSL *is* the root cause of the problem. It's
> just not the certificate level but the business and
> architecture level. The *people* equation.
PKI+SSL does not _cause_ the problem, it merely fails to solve it. You
may as well blame HTTP - in fact, it would be fairer.
Cheers,
Ben.
--
>>>ApacheCon Europe<<< http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
