On Wed, 5 Jan 2005, Hallam-Baker, Phillip wrote:
The authentication is for the benefit of ordinary users,

In your view, how should the system deal with a message that
has a broken signature? How should this problem be presented
to an ordinary user in a way that they'll understand, or at
least react safely? How will you avoid the web browser SSL
user interface disaster?

Mass should behave in exactly the same way that S/MIME should, treat a
broken signature in EXACTLY the same way that an unsigned message is.

Unless it is known that a message should be signed there is no reason to
reject a message with a broken signature, the most likely reason the
signature broke is a broken remailer.

Even here signed mail with logotypes works really well at the 80/20% level
or better. The number of email users who can forward at any level is
negligible, less than 5%. Most of those are managed professionally under
contract and the forwarder will update their systems if they want to stay in
business. I don't much care about mailing lists breaking signatures because
banks do not by and large communicate with customers through mailing lists.

If I can get to a situation by the end of the year where the major web
hosted email providers support signature verification and display logos for
accredited financial institutions then we can provide meaningful protection
to maybe 35% of Internet users. That is a pretty good start in my book. We
can then work to address another 30% or so over the next year and then look
at ways that we can deal with the rest.

A 35% reduction in phishing fraud means real reduction in direct losses for
my customers. It also means that they can reassure their customers who have
been afraid to go back to the Internet that it is being made safe.