Anyone who thinks that a new mail protocol that relies on users seeing some "secure" or "trustworthy" indicator should read: An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks Collin Jackson, Daniel R. Simon, Desney S. Tan, and Adam Barth, Proc. USEC '07. http://usablesecurity.org/papers/jackson.pdf --Steve Bellovin, http://www.cs.columbia.edu/~smb _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf