[cryptography] Diginotar Lessons Learned (long)

James A. Donald jamesd at echeque.com
Sat Sep 10 19:11:20 EDT 2011


On 2011-09-11 3:38 AM, Peter Gutmann wrote:
> (Success criteria are the ultimate acid test of any new initiative, which is
> why you'll never, ever see them specified for government projects.  All the
> people proposing new Rube Goldberg schemes - me included - should feel
> confident enough in them that they're prepared to say "My scheme, if adopted,
> will lead to an X% decrease in phishing".  It doesn't even have to be 25%,
> let's make it really easy and say 5%, or even just "statistically
> significant".  If you can't do that then you're not really proposing a
> solution but just looking for guinea pigs).

The big two are shared secrets and authenticated email.  Solve those 
two, and the rest are leftovers.



