Web Application Security
RE: Article - A solution to phishing Nov 27 2004 04:18PM lists dawes za net (4 replies)

Quoting Michael Silk <michaelsilk (at) gmail (dot) com [email concealed]>:

> Hi Christopher,
>
> Thanks for your feedback, let me address it.
>
> First let me say that many people have raised
> the issue (privately) of unencrypted emails not
> being good enough - and they have a point. So
> from now onwards let us assume that public
> key/private key exchange system is used to
> communicate the emails such that:
>

And if they are using a public key system, why would you bother with email then?
Just make them use the private key to authenticate to the website. There is
STILL no opportunity for phishing, as the user never types in any details. They
simply authenticate the SSL session using the cert, and there are no further
opportunities for information theft.

Sounds to me like you just want to use email in there somewhere! ;-)

Rogan