[LINK] PayPal to combat phishing with key fobs

grove at zeta.org.au grove at zeta.org.au
Sun Jan 14 15:34:24 AEDT 2007


On Sun, 14 Jan 2007, Alan L Tyree wrote:

>> What's needed is not only for the server to require the client to
>> authenticate, but for the client to require the server to
>> authenticate as well to ensure that the server is really who they say
>> they are.
>
> How hard is that to implement? Can I say to ASIC that the Banks could
> cut phishing losses at a reasonable price with this approach?

SSH does it.....  ....if I understand correctly.   The server has 
a key as well and the client checks this before proceeding too far.

If the server key is incorrect or unexpected, a warning is issued
and the session waits for the user to accept the connection or not.


rachel

-- 
Rachel Polanskis                 Kingswood, Greater Western Sydney, Australia
grove at zeta.org.au                http://www.zeta.org.au/~grove/grove.html
 	"They who would give up an essential liberty for temporary security,
 	deserve neither liberty or security" - Benjamin Franklin, 1759



More information about the Link mailing list