Igor March 15, 2007 7:49 PM

Bruce, very good interview; I am still listening as I write this. I like the idea of authenticating via mobile phone; however, there would be accessibility concerns with this that would have to be addressed. For example, can the receiver of the message actually read it, and can they somehow press the ‘authenticated’ button? It will be interesting how this system ends up working.

Paeniteo March 16, 2007 7:34 AM

Are transcripts available?
Or a direct URL to the media file?

The link causes an error message that the Mediaplayer-plugin would have attempted some illegal operation and was shut down.

jeff March 16, 2007 9:18 AM

Interesting discussion. I found it particularly interesting that PayPal is fairly comfortable with the level of fraud that currently exists (losses at less than 0.5%), but is fighting basically a perception problem caused by the phishing. The credit card companies don’t have to deal with that.

Also, my playback kept stopping at 44 minutes or so. Couldn’t get past that point, so I haven’t been able to hear the conclusion. How does it end? Do they ever get off the island?

K Ables March 18, 2007 2:00 PM

Excellent discussion, thanks!

During the part on phishing, it (re)occurred to me to wonder why it is we don’t restrict who can send out what From: lines. For example, my .procmailrc file checks the Received: line added by my ISP (i.e. the box from whom my ISP received the message) and if, for example, the From: line says but the message did not come from a host in the domain, the message is stuck in a spam file. I do this with the major vendors who are phished and it has not failed yet. I get all the email truly from those domains and I never get a phish message since those are never from that domain.

For regular users who legitimately send out different forwarding addresses through their ISPs, this is a harder sell, but for businesses it would not be that difficult. DNS could have a record added where an email domain for whom an MX record is maintained could also have a way to request the names of all valid SMTP servers for that domain name. If you receive a message that claims to be from, you can go look up the valid machines that could send that message to you, and if you aren’t talking to one of them, don’t accept the message.

This would allow each domain to manage their own list and would require only minor changes (at least for sendmail) on the receiving end.

Wim L March 19, 2007 1:33 AM

K Ables, you’re pretty much exactly describing “SPF” (sender policy framework, or sender-permitted-from), which is reasonably widely deployed. And it is, as you predict, a pain for people (like me) who occasionally want to send work email from a non-work machine…

A cryptographic approach is DKIM / DomainKeys, in which the sending MTA signs just a few relevant headers (not the entire message text).

For reliable communication between individuals, I still think end-to-end cryptography à la PGP or S/MIME is the way to go, but PayPal and eBay are not well-enough coördinated to be able to handle crypto, I think.
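The check K Ables describes (compare the host that handed the message to your MX against a per-domain list of permitted senders) and the SPF mechanism Wim L names are the same idea; the following is an added illustration, not code from either commenter or from any SPF implementation. It evaluates a minimal SPF record (ip4, ip6, include, and the qualified "all" term) against the connecting IP, then applies that verdict to a message the way the .procmailrc rule does, reading the IP from the topmost Received: header. The domains, SPF records and messages are constructed for the example, and a dictionary stands in for the DNS TXT lookup so it runs offline.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups. The domains are hypothetical and
# the addresses come from the documentation-only ranges; none of this is real.
FAKE_ZONE = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:mailrelay.example.net -all",
    "mailrelay.example.net": "v=spf1 ip4:198.51.100.7 ip6:2001:db8::/32 ~all",
    "nospf.example.org": None,  # domain publishes no SPF record at all
}

# SPF qualifier prefix -> result when the mechanism matches.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, zone=FAKE_ZONE):
    """Return the domain's SPF record, or None if it publishes none."""
    rec = zone.get(domain)
    return rec if rec and rec.startswith("v=spf1") else None


def check_spf(ip, domain, zone=FAKE_ZONE, depth=0):
    """Evaluate the SPF record of `domain` for a connection from `ip`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Mechanisms are tried left to right; the first match decides.
    """
    if depth > 10:                      # guard against include: loops
        return "permerror"
    record = lookup_spf(domain, zone)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:     # skip the "v=spf1" version tag
        qualifier = "+"                 # an unqualified mechanism means "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIER_RESULT[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIER_RESULT[qualifier]
        elif term.startswith("include:"):
            # include: matches only if the referenced domain's record passes
            if check_spf(ip, term[8:], zone, depth + 1) == "pass":
                return QUALIFIER_RESULT[qualifier]
        # other mechanisms (a, mx, exists, ...) are out of scope here
    return "neutral"                    # record ended without an "all" term


def classify_message(raw, zone=FAKE_ZONE):
    """Apply the SPF verdict to a raw RFC 822 message, procmail-style.

    The topmost Received: header is the one our own MX added, so the IP in its
    brackets is the host that actually delivered the message to us.
    Returns (spf_result, folder).
    """
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    topmost = msg.get_all("Received", [""])[0]
    m = re.search(r"\[([0-9a-fA-F.:]+)\]", topmost)
    if not m:
        return "none", "inbox"          # no usable connecting IP; do not judge
    result = check_spf(m.group(1), from_domain, zone)
    folder = {"fail": "spam", "softfail": "suspect"}.get(result, "inbox")
    return result, folder


# Constructed sample messages (hypothetical hosts and addresses).
LEGIT_MSG = "\n".join([
    "Received: from mail.example.com (mail.example.com [203.0.113.5])"
    " by mx.isp.example with ESMTP; Sun, 18 Mar 2007 14:00:00 +0000",
    "From: Billing <billing@example.com>",
    "Subject: Your statement",
    "",
    "Your monthly statement is ready.",
])

PHISH_MSG = "\n".join([
    "Received: from relay.example.net (unknown [192.0.2.44])"
    " by mx.isp.example with ESMTP; Sun, 18 Mar 2007 14:05:00 +0000",
    "Received: from localhost (localhost [127.0.0.1]) by relay.example.net",
    "From: Billing <billing@example.com>",
    "Subject: Verify your account",
    "",
    "Click here to confirm your password.",
])

if __name__ == "__main__":
    print(classify_message(LEGIT_MSG))   # ('pass', 'inbox')
    print(classify_message(PHISH_MSG))   # ('fail', 'spam')
```

Note that only the topmost Received: header is trusted: the lower ones were written by whoever sent the message and can say anything. That is the same reason the procmail rule looks at the line added by the ISP. A softfail (the "~all" case) is routed to a review folder rather than spam, which is what Wim L's occasional work mail from a non-work machine would hit.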
