On 17-aug-2007, at 17:54, Steven M. Bellovin wrote:
S/MIME would be a fine start. It also won't solve the problem until someone develops a user interface that DTRT for naive users who don't understand trust anchors,
Big yellow warning when S/MIME authentication fails in Apple's Mail is hard to miss even if you don't understand exactly what it is...
or how to distinguish myfinancialcompany.com from myfinancia1company.com when both have valid certificates.
So I can register paypa1.com and then go to Verisign to get a certificate for that domain? If that's true, then I think the law makers in various jurisdictions have work to do.
The very simple idea of having a .bank TLD for financial institutions could also help a lot here.
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf