What do you suggest short of an absolute guarantee? How do I advise consumers to tell the difference between legitimate e-mails with embedded links and the phished ones using spoofed sites? I am concerned that this could seriously undermine the use of e-mail and websites for e-commerce and financial transactions. Thanks, Parry -----Original Message----- From: Masataka Ohta [mailto:mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Sunday, December 21, 2003 12:06 AM To: Franck Martin Cc: ietf@xxxxxxxx; parry@xxxxxxxxx Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?] Franck Martin (Parry Aftab); > Now IE has a bug that allows them to mask the real site more easily, by > showing the spoofed site in the navigation bar. > Do any of the IETF members have suggestions for easy ways of confirming > that the site you just linked to is really the site you wanted to > access? As you know, an easy way is to just believe Microsoft and its products. If you are asking a way guaranteed to work, answers depend on how much guarantee you need. It should be noted that nothing gives absolute guarantee. It should also be noted that PKIs are not so useful, as their typical guarantee is mere "money back guarantee" form CAs. Masataka Ohta
