On Fri, 2004-06-04 at 18:59, Michel Py wrote:
Andy Bakun wrote:
Adding authentication and accreditation to the mix
only ends up giving you a false sense of security,
I actually don't agree with this.
Way too many people are overly trusting.
This is true, but not a reason not to add accreditation and
authentication, even if they are not perfect.
Michel,
You are correct, of course, on both of these accounts. My wording was
too strong. Authentication and accreditation do add a level of security
-- if you know what those terms mean and how to use/interpret the output
of tools that perform authentication and accreditation. Unfortunately,
I don't think there is a clue bat big enough to get people to not think
"the problem has been solved! yippe!" once SPF/CID or whatever starts
getting Big Marketing behind it. Because the problem is not solved:
users must still remain (or start being) diligent, AND realize the value
in being diligent AND want to, to avoid be phished.
--
Andy Bakun: genetically engineered perfection
<abakun(_at_)thwartedefforts(_dot_)org>