[LINK] PayPal to combat phishing with key fobs
grove at zeta.org.au
grove at zeta.org.au
Sun Jan 14 15:34:24 AEDT 2007
On Sun, 14 Jan 2007, Alan L Tyree wrote:
>> What's needed is not only for the server to require the client to
>> authenticate, but for the client to require the server to
>> authenticate as well to ensure that the server is really who they say
>> they are.
>
> How hard is that to implement? Can I say to ASIC that the Banks could
> cut phishing losses at a reasonable price with this approach?
SSH does it..... ....if I understand correctly. The server has
a key as well and the client checks this before proceeding too far.
If the server key is incorrect or unexpected, a warning is issued
and the session waits for the user to accept the connection or not.
rachel
--
Rachel Polanskis Kingswood, Greater Western Sydney, Australia
grove at zeta.org.au http://www.zeta.org.au/~grove/grove.html
"They who would give up an essential liberty for temporary security,
deserve neither liberty or security" - Benjamin Franklin, 1759
More information about the Link
mailing list