[cryptography] Diginotar Lessons Learned (long)
James A. Donald
jamesd at echeque.com
Sat Sep 10 19:11:20 EDT 2011
On 2011-09-11 3:38 AM, Peter Gutmann wrote:
> (Success criteria are the ultimate acid test of any new initiative, which is
> why you'll never, ever see them specified for government projects. All the
> people proposing new Rube Goldberg schemes - me included - should feel
> confident enough in them that they're prepared to say "My scheme, if adopted,
> will lead to an X% decrease in phishing". It doesn't even have to be 25%,
> let's make it really easy and say 5%, or even just "statistically
> significant". If you can't do that then you're not really proposing a
> solution but just looking for guinea pigs).
The big two are shared secrets and authenticated email. Solve those
two, and the rest are leftovers.