[149623] in North American Network Operators' Group
Re: Dear RIPE: Please don't encourage phishing
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Feb 10 12:38:16 2012
Date: Fri, 10 Feb 2012 09:37:01 -0800
From: Leo Bicknell <bicknell@ufp.org>
To: NANOG list <nanog@nanog.org>
Mail-Followup-To: NANOG list <nanog@nanog.org>
In-Reply-To: <m2sjiivbph.wl%randy@psg.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--fdj2RfSjLxBAspz7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In a message written on Fri, Feb 10, 2012 at 09:29:30AM -0800, Randy Bush w=
rote:
> more and more these days, i have taken to not clicking the update message=
s,=20
> but going to the web site manyually to get it.
>=20
> waaaay to much phishing, and it is getting subtle and good.
We know how to sign and encrypt web sites.
We know how to sign and encrypt e-mail.
We even know how to compare keys between the web site and e-mail via a
variety of mechanisms.
We know how to sign DNS.
Remind me again why we live in this sad word Randy (correcly) described?
There's no reason my mail client shouldn't validate the signed e-mail
came from the same entity as the signed web site I'd previously logged
into, and give me a green light that the link actually points to said
same web site with the same key. It should be transparent, and secure
for the user.
--=20
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
--fdj2RfSjLxBAspz7
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iQIVAwUBTzVVvbN3O8aJIdTMAQLXEw/+Ko8k8HM71WO0Orabt/0tvxx8674sBRIU
axejUFwWLVc2knXPnbJCHIr/0wqOL/StSlg43VBoCLH1dKVpOgJOoj4RIhVqKPvD
F4XRLp7D1VECCQJsvW+14o2Rd7hmeNjI2mS9mgHZ7k8IZX8LuZ+QdXBVf4lVV6wQ
sdLh3YAMITJXN1VW+AvRwlnAyHo7qFJBo9YDAJwocryNaOvZkTHWmx7oBitwYiuJ
BKKwtOmN4xTknrcH9g+OjEBrAxWgt4Pk95tEixD1tajAzONnE/hxt5GCZgsQ5okE
/w8ioU3go1Cmin8K1ZldftLzvp4PSLzBPyYweyllkF6FJwh0DACUmBc5x59trzSA
sL9HquKCSGD0fL+b4JBa0AnFjy1TxJsWtNbwj4JXWQfY636NIsCQNjbFN4npRhUQ
L4DVK7Su5RCOZ9XHh7j1/ecEnPktD95l4CAKSs8XSquO+RoO11Wh+QpVFNtshfiw
piags8htezocN+ZDl5WR0P7Sw05++EFPpFYJD5YC/TuAsTngSfEg6oQqH8kGn1zi
hBohK/bgthXcTU1q+HbMJ83wnNlTx679/4DjUjrxMracvnDHeMsDqLrixvsWDedv
zzL2YYOiQobF5e4fUA6bqGsaDjmrH2Y/1WhOCu780TSjqMXqiT/jbdyo5yEDeJpb
cJZlN/nF1q8=
=Eb/e
-----END PGP SIGNATURE-----
--fdj2RfSjLxBAspz7--
