Dear RIPE: Please don't encourage phishing

• Previous message (by thread): Dear RIPE: Please don't encourage phishing
• Next message (by thread): PGP, S/MIME + SSL cross-reference (Was: Dear RIPE: Please don't encourage phishing)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In a message written on Fri, Feb 10, 2012 at 09:29:30AM -0800, Randy Bush wrote:
> more and more these days, i have taken to not clicking the update messages, 
> but going to the web site manyually to get it.
> 
> waaaay to much phishing, and it is getting subtle and good.

We know how to sign and encrypt web sites.

We know how to sign and encrypt e-mail.

We even know how to compare keys between the web site and e-mail via a
variety of mechanisms.

We know how to sign DNS.

Remind me again why we live in this sad word Randy (correcly) described?

There's no reason my mail client shouldn't validate the signed e-mail
came from the same entity as the signed web site I'd previously logged
into, and give me a green light that the link actually points to said
same web site with the same key.  It should be transparent, and secure
for the user.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120210/a33ed5fb/attachment.sig>

• Previous message (by thread): Dear RIPE: Please don't encourage phishing
• Next message (by thread): PGP, S/MIME + SSL cross-reference (Was: Dear RIPE: Please don't encourage phishing)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]