WebApp Sec mailing list archives
Re: Smells like a phish, is a fish?
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sun, 30 Oct 2005 23:16:42 +0530
On 29/10/05 16:22 +1000, Lyal Collins wrote:
We are moving off topic slightly, but I disagree, and agree. There is a bigger general problem caused by encrypting email in virtually every PKI mechanism. 1. Virus and spam control measures fail.
Spam is not about content, even if there are misguided attempts at filtering based on content. Spam is about consent, and the rejection can safely be done at the edge.
2. Corporate access to the content in email is at the discretion of the individual, not the corporate entity. This breaks many corporate laws, and helps IP thft etc. Signing email does not have these issues, but what's the point of the cost to do that (cert cost, support overheads et al) and not protect the message content from misuse? There are better email authentication and confidentiality solutions that PKI-based ones.
Such as? Put it on a website and expect things to be collected later? Mail 2000? Devdas Bhagat
Current thread:
- Re: Smells like a phish, is a fish?, (continued)
- Re: Smells like a phish, is a fish? Mike Kuriger (Oct 27)
- Re: Smells like a phish, is a fish? Todd Hendricks (Oct 28)
- RE: Smells like a phish, is a fish? Ofer Shezaf (Oct 27)
- RE: Smells like a phish, is a fish? Damhuis Anton (Oct 27)
- RE: Smells like a phish, is a fish? M. Burnett (Oct 27)
- RE: Smells like a phish, is a fish? Christopher Reed (Oct 28)
- RE: Smells like a phish, is a fish? Tom Stowell (Oct 28)
- RE: Smells like a phish, is a fish? Damhuis Anton (Oct 28)
- RE: Smells like a phish, is a fish? Tom Stowell (Oct 28)
- RE: Smells like a phish, is a fish? Lyal Collins (Oct 28)
- Re: Smells like a phish, is a fish? Devdas Bhagat (Oct 30)
- RE: Smells like a phish, is a fish? Lyal Collins (Oct 31)
- RE: Smells like a phish, is a fish? Lyal Collins (Oct 28)
- Re: Smells like a phish, is a fish? Mike Kuriger (Oct 27)