[147243] in cryptography@c2.net mail archive
Re: [Cryptography] PRISM-Proofing and PRISM-Hardening
daemon@ATHENA.MIT.EDU (Bill Frantz)
Thu Sep 19 14:11:15 2013
X-Original-To: cryptography@metzdowd.com
Date: Thu, 19 Sep 2013 10:24:15 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: "Salz, Rich" <rsalz@akamai.com>
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C711D4594B70@USMBX1.msg.corp.akamai.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 9/19/13 at 5:26 AM, rsalz@akamai.com (Salz, Rich) wrote:
>>I know I would be a lot more comfortable with a way to check the mail against a piece of paper I
>received directly from my bank.
>
>I would say this puts you in the sub 1% of the populace. Most
>people want to do things online because it is much easier and
>"gets rid of paper." Those are the systems we need to secure.
>Perhaps another way to look at it: how can we make out-of-band
>verification simpler?
Do you have any evidence to support this contention? Remember
we're talking about money, not just social networks.
I can support mine. ;-)
If organizations like Consumers Union say that you should take
that number from the bank paperwork you got when you signed up
for an account, or signed up for online banking, or got with
your monthly statement, or got as a special security mailing and
enter it into your email client, I suspect a reasonable
percentage of people would do it. It is, after all a one time operation.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product. | 16345
Englewood Ave
www.pwpconsult.com | | Los Gatos,
CA 95032
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography