[cap-talk] Firefox breaks the principle of identifiability
Ian G
iang at systemics.com
Tue Feb 8 13:34:55 EST 2005
list at waterken.net wrote:
>On Feb 7, 2005, at 8:43 PM, Ben Laurie wrote:
>
>
>>The Shmoo example does not demonstrate anything about PKI (though it
>>is true that the particular CA chosen doesn't tell you much about who
>>bought the certificate, which would strike me as a fairly effective
>>prevention of the attack - the CA was, however, chosen for cheapness,
>>not usefulness).
>>
>>
>
>So you view the Shmoo example [1] as a showcase of the PKI providing
>effective prevention against a phishing attack?
>
>
No. Shmoo doesn't say anything about phishing
that hasn't already been said before. And it
doesn't say anything that I can see about PKI.
And PKI doesn't cover phishing.
What Shmoo does is nicely brings to the foreground
the debate of phishing, and concentrates the
attention of the technical community on the browser.
That's worth a medal!
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
More information about the cap-talk
mailing list