-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 24 Jun 2005, Gadi Evron wrote:
Joel Jaeggli wrote:
<snip>
The bigger issue is that users simply don't trust any kind of "official communication" anymore and I don't see anything other than pki that could actually restore that.
PKI alone won't solve it, but we are not trying to "fix" phishing here (good thought though!). I agree.
Thing is, user-trust or no user-trust, they click by the masses.
I agree, to elaborate: For us, I see an increasing number of situations where our customers are begining to discard messages we send them about their account because the information we're imparting is hard to distinguish from all the other crap that we don't manage to filter. Claude Shannon could be invoked here. What we have is a noisy communication channel. The phishers are counting on that because the end users are trying to filter all this crap, and the false postive rate of humans trying to distinguish signal from noise is non zero, so eventually people identify the noise as signal. When the noise level gets high enough the signal doesn't get through. There are two solutions really, increase the volume of signal that you send, (basically send more messages) in hopes that get through, apply forward error correction (something that gives the messages a higher likelyhood of being interpreted as signal. If the phishers can replicated the FEC method then the channel gets noisy again.
Gadi.
- -- - -------------------------------------------------------------------------- Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iD8DBQFCu0118AA1q7Z/VrIRAnGQAJ4rNpG1C+kzSDRwlrJEC+EBWemRmQCfUSjv o467gHoKGCm0JGh0VTvbBE4= =Rq+N -----END PGP SIGNATURE-----