Re: Failure of PKI in messaging

Thread: Re: Failure of PKI in messaging

Search this list only Search all lists
Re: Failure of PKI in messaging
United States	2007-02-15 20:18:31
-- >> Suppose we have a messaging service that, like Yahoo, >> is also a single signon service, ... John Levine wrote: > Then you just change the attack model. My proposal closes off the major attack path, and leaves the trojan and virus attack path wide open. But I have not had a trojan or a virus for a year, and the guys at OLPC and capabilities are working on solutions to the problem of trojans and viruses. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG KFNxwdPt55zr/lrMF3JJdyxCUs8vIC5/2XaKhzIj 4+Jf1Ha6sL7LPQHFkrty0tw47vweiiGC5p1lMXXiK ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

Re: Failure of PKI in messaging
United States	2007-02-15 21:12:11
> >> Suppose we have a messaging service that, like Yahoo, > >> is also a single signon service, ... > > John Levine wrote: > > Then you just change the attack model. >My proposal closes off the major attack path, and leaves the trojan >and virus attack path wide open. It doesn't do anything about the obvious attack path of phishing credentials from the users to stick bogus trusted entries into their accounts. My examples showed all sorts of benign looking situations in which users provide their credentials to parties of unknown identity or reliability. R's, John ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )