What do you suggest short of an absolute guarantee?
How do I advise consumers to tell the difference between legitimate
e-mails with embedded links and the phished ones using spoofed sites?
I am concerned that this could seriously undermine the use of e-mail and
websites for e-commerce and financial transactions.
Thanks,
Parry
-----Original Message-----
From: Masataka Ohta
[mailto:mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp]
Sent: Sunday, December 21, 2003 12:06 AM
To: Franck Martin
Cc: ietf(_at_)ietf(_dot_)org; parry(_at_)aftab(_dot_)com
Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
post this for me? or allow me to post directly?]
Franck Martin (Parry Aftab);
Now IE has a bug that allows them to mask the real site more easily,
by
showing the spoofed site in the navigation bar.
Do any of the IETF members have suggestions for easy ways of
confirming
that the site you just linked to is really the site you wanted to
access?
As you know, an easy way is to just believe Microsoft and its
products.
If you are asking a way guaranteed to work, answers depend on
how much guarantee you need.
It should be noted that nothing gives absolute guarantee.
It should also be noted that PKIs are not so useful, as their
typical guarantee is mere "money back guarantee" form CAs.
Masataka Ohta