Jargons of Info Tech industry

Mike Meyer mwm at mired.org
Thu Oct 13 01:32:03 EDT 2005


Roedy Green <my_email_is_posted_on_my_website at munged.invalid> writes:
> 3. prevent phishing.  When PayPal sends you an email, you want to know
> for sure it really is from PayPal.  This means corporate users at
> least will all have digital ids, and all emails will be digitally
> signed.

That won't prevent phishing, that will just raise the threshold a
little. The first hurdle you have to get past is that most mail agents
want to show a human name, not some random collection of symbols that
map to a unique address. Even if you do that, most readers aren't
going to pay attention to said random collection of symbols. Given
that, there are *lots* of tricks that can be used to disguise the
signed name, most of which phishers are already using. How many people
do you think will really notice that mail from "John Bath, PayPal
Customer Service Representative" (john.barth at paypa1.com) isn't really
from paypal?

Unicode makes things *really* interesting.

> 4. status tracking. Unless blocked by the receiver, the sender knows
> if his message has been received/read.

Got that already.

> 5. making it impossible for any incoming email to mount any sort of
> attack. the only parts the email software processes are the data
> parts. Any enclosed programs must be explicitly installed. The email
> software would warn if any code were not digitally signed with proper
> certificate to identify the author.

How 20th century of you. Making it impossible to send executable code
as content is a major step backwards from what we've got now, and
you're the last person I would have expected to do that.

The solution is to run the code in a sandbox. This is an old
technology, and fairly well understood. Except maybe in Redmond.

   <mike

-- 
Mike Meyer <mwm at mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
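
The display-name and look-alike-domain point made in this message, as an added example that is not part of the original post: a check a mail agent could run on the From header before showing the human-readable name. The allow-list, the substitution table, the function names and the sample headers are all constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumed allow-list of domains the reader actually does business with.
TRUSTED = {"paypal.com"}
# Tiny constructed table of ASCII digit-for-letter swaps; real confusable
# tables are far larger.
LOOKALIKES = str.maketrans("1035", "loes")


def scripts(domain):
    """Return the set of scripts (LATIN, CYRILLIC, ...) used by letters in domain."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in domain if c.isalpha()}


def classify_sender(from_header):
    """Classify a From header by its address domain, not its display name."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED:
        return "trusted"
    if not domain.isascii():
        # Letters from two scripts in one domain is the classic homograph sign.
        return "mixed-script" if len(scripts(domain)) > 1 else "non-ascii"
    if domain.translate(LOOKALIKES) in TRUSTED:
        return "lookalike"
    # The display name claims the brand but the domain has nothing to do with it.
    brands = {d.split(".")[0] for d in TRUSTED}
    if any(b in name.lower() for b in brands):
        return "brand-in-display-name"
    return "unrelated"


if __name__ == "__main__":
    # Constructed headers; the first reuses the address from the message above.
    samples = [
        '"John Bath, PayPal Customer Service Representative" <john.barth@paypa1.com>',
        "PayPal <service@paypal.com>",
        "PayPal <service@p\u0430ypal.com>",  # U+0430 is CYRILLIC SMALL LETTER A
        "PayPal Support <help@example.org>",
        "Alice <alice@example.org>",
    ]
    for header in samples:
        print(f"{classify_sender(header):22} {header}")
```

A valid signature on any of the non-trusted samples would still verify, because the signature only binds the message to the domain that sent it.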


