WebApp Sec mailing list archives
RE: Article - A solution to phishing
From: lists () dawes za net
Date: Sat, 27 Nov 2004 10:18:58 -0600
Quoting Michael Silk <michaelsilk () gmail com>:
Hi Christopher, Thanks for your feedback, let me address it. First let me say that many people have raised the issue (privately) of unecrypted emails not being good enough - and they have a point. So from now onwards let us assume that public key/private key exchange system is used to communicate the emails such that:
And if they are using a public key system, why would you bother with email then? Just make them use the private key to authenticate to the website. There is STILL no opportunity for phishing, as the user never types in any details. They simply authenticate the SSL session using the cert, and there are no further opportunities for information theft. Sounds to me like you just want to use email in there somewhere! ;-) Rogan
Current thread:
- Re: Article - A solution to phishing, (continued)
- Re: Article - A solution to phishing Andi McLean (Nov 27)
- Re: Article - A solution to phishing ZedGama3 (Nov 27)
- Re: Article - A solution to phishing Joseph Miller (Nov 27)
- Re: Article - A solution to phishing Peter Conrad (Nov 27)
- Re: Article - A solution to phishing John West (Nov 27)
- Re: Article - A solution to phishing Paul Johnston (Nov 27)
- RE: Article - A solution to phishing Damhuis Anton (Nov 27)
- Re: Article - A solution to phishing Michael Silk (Nov 27)
- RE: Article - A solution to phishing Robin Balean (Nov 27)
- RE: Article - A solution to phishing Michael Silk (Nov 27)
- RE: Article - A solution to phishing lists (Nov 27)
- Re: Article - A solution to phishing Joseph Miller (Nov 29)
- Re: Article - A solution to phishing Michael Silk (Nov 29)
- Re: Article - A solution to phishing Rogan Dawes (Nov 30)
- Re: Article - A solution to phishing Adam Shostack (Dec 01)
- Re: Article - A solution to phishing Rogan Dawes (Dec 03)
- RE: Article - A solution to phishing lists (Nov 27)
- Re: Article - A solution to phishing Michael Silk (Dec 14)
- Re: Article - A solution to phishing Adam Tuliper (Dec 15)
- Re: Article - A solution to phishing Ian (Dec 16)
- Re: Article - A solution to phishing exon (Dec 20)
- Re: Article - A solution to phishing Joseph Miller (Dec 20)