While it may be beyond the scope of joe shmoe's internet surfing ability, there are key ifnrastructures in place now, assymetric key encryption. Each website could have its own key, as well as each user of a given commerce site. This would at the very least make impersonating more difficult. One enterprising person could make a 'toolbar', snap-in, or application. Upon registration and once per month any site could renew the key and 'subscriber' sites could embed public keys or some variation in emails. These could be analyzed by the third party software/toolbar to prove authenticity. Of course, I know this has already been concieved and probably dismissed due to liability issues on the software vendor's behalf, or the laziness of not wanting to purchase certificates from leading CA authorities. Oh well, here's your soapbox back.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/9235/27759#27759