At 06:50 17-08-2007, Iljitsch van Beijnum wrote:
Then again, misspelled fishing would be an order of magnitude harder
if banks and retailers started using S/MIME, which is widely
implemented today, but they can't be bothered, so it looks like
protocol design isn't going to save the world any time soon.
Right.
You picked a very apt subject line. It's a simple protocol, it's
easy to use and above all, it's cheap. But when you are dealing with
financial transactions, you're putting your customers at risk then as
there is no way for them to determine the authenticity of the message.
At 07:09 17-08-2007, John C Klensin wrote:
Individuals with small mail domains struggle along, resisting
being forced to either give up and join up with those large
providers and ideas that would inevitably make email costly to
them on a per-message basis. But the key institutions that get
Some people see using a large provider as better than running a mail
server for a small domain. After all, it's free. But it may not be
free tomorrow and it may turn into an expensive communication medium for them.
message and not the transport. If the primary concern is
communications between a financial institution with which the
user already has an account (or equivalent relationship) and
that user, we don't even have the usual PKI problems: one can
deliver a sender key or cert out of band, validate it, and be
finished.
There are ways to validate the sender the first time you establish a
contact. Once that is done, you can use it to validate future
communication you receive from that correspondent.
Regards,
-sm
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf