Network Security: Detailed info on Re: Smells like a phish, is a fish?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Smells like a phish, is a fish?

from [Devdas Bhagat] Network Security

[Permanent Link]

Subject:	Re: Smells like a phish, is a fish?
Date:	Sun, 30 Oct 2005 23:16:42 +0530

On 29/10/05 16:22 +1000, Lyal Collins wrote:

We are moving off topic slightly, but I disagree, and agree. 
There is a bigger general problem caused by encrypting email in virtually
every PKI mechanism.
1. Virus and spam control measures fail.


Spam is not about content, even if there are misguided attempts at
filtering based on content. Spam is about consent, and the rejection can
safely be done at the edge.

2. Corporate access to the content in email is at the discretion of the
individual, not the corporate entity. This breaks many corporate laws, and
helps IP thft etc.

Signing email does not have these issues, but what's the point of the cost
to do that (cert cost, support overheads et al) and not protect the message
content from misuse?

There are better email authentication and confidentiality solutions that
PKI-based ones.


Such as? Put it on a website and expect things to be collected later?
Mail 2000?

Devdas Bhagat

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Smells like a phish, is a fish?, (continued) Re: Smells like a phish, is a fish?, Mike Kuriger Re: Smells like a phish, is a fish?, Todd Hendricks RE: Smells like a phish, is a fish?, Ofer Shezaf RE: Smells like a phish, is a fish?, Damhuis Anton RE: Smells like a phish, is a fish?, M. Burnett RE: Smells like a phish, is a fish?, Christopher Reed RE: Smells like a phish, is a fish?, Tom Stowell RE: Smells like a phish, is a fish?, Damhuis Anton RE: Smells like a phish, is a fish?, Tom Stowell RE: Smells like a phish, is a fish?, Lyal Collins Re: Smells like a phish, is a fish?, Devdas Bhagat <= RE: Smells like a phish, is a fish?, Lyal Collins

Previous by Date:	Re: J2EE Application Security Code Review, Dean H. Saxe
Next by Date:	Re: J2EE Application Security Code Review, Dean H. Saxe
Previous by Thread:	RE: Smells like a phish, is a fish?, Lyal Collins
Next by Thread:	RE: Smells like a phish, is a fish?, Lyal Collins
Indexes:	[Date] [Thread] [Top] [All Lists]