RE: (secure email) Proposal to anti-phishing

["Lyal Collins" <lyal.collins () key2it com au>]

[snip]
> > [snip]
> > Well, there may be one other good option to stop phishing.
> > If emails could be positively identified as coming from a 
> > customer's bank,
> > then they could ignore those that don't authenticate as 
> > spam/phishing/fraud.
>
> The difference is that client-side SSL exists today in an
> industry standard platform independent manner that could be
> effectively deployed. (management is a different issue that
> I will be a coward and ignore for now.)

It's hard to see how changing the locaiton of a password verification
actually makes any difference to accountholder security or phishing.

> "secure email"....what is that? It doesn't exist is the problem,
> unless you want to talk a specific software package or a
> one of the "secure email portal" solutions (hosted or device).
> Those aren't any more reasonable than a token.

Corporate-acceptable secure email is easier to deploy as a ) the
accountholder already has an email address (ISPs proviide mail boxes ina
ddition to  browsing access) and a password for that email service; and b)
the accountholder has a authenticate-able business relationship with the
bank/corporation.  Note - this excludes PGP and S/MIME, for the obvious
reasons.


> Kiosk. Airport or hotel shared system, etc. Are going to carry
> around your thumb drive and install PGP and your keyring on
> every system you use if they let you?

Is anyone expected to trust an email recevied on untrusted shard access
devices?
Note: PGP != secure email to most businesses, nor is S/MIME.
 
> And then there's the pragmatic fact that people will pay Microsoft
> protection-racket funds for Microsoft anti-spyware to protect
> themselves transparently in the background from the crappy
> software Microsoft *SOLD* them in the first place...and they
> will do this long before they'll use any of the "secure email"
> solutions today that require user interaction & thought.
>
> But I'm all for an global standard secure email solution if you
> happen to have one of those handy,

Actually, my company does - if anyone wants to buy it.

Lyal

> Arian
>
>
>
>
>
> The information transmitted in this e-mail is intended only 
> for the addressee and may contain confidential and/or 
> privileged material. 
> Any interception, review, retransmission, dissemination, or 
> other use of, or taking of any action upon this information 
> by persons or entities
> other than the intended recipient is prohibited by law and 
> may subject them to criminal or civil liability. If you 
> received this communication 
> in error, please contact us immediately at 816.421.6611, and 
> delete the communication from any computer or network system.