- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Mon, 12 Jun 2006 18:59:52 -0700
- To: "Chris Drake" <christopher@pobox.com>
- Cc: "Frederick Hirsch" <frederick.hirsch@nokia.com>, "George Staikos" <staikos@kde.org>, <public-usable-authentication@w3.org>
> From: Chris Drake [mailto:christopher@pobox.com] > Why do you think there's a potential for "immediate return" > in that quagmire? If I get the webmail providers to deploy secure letterhead that is 30% penetration instantly. And if it is 30% effective we have a 10% reduction in phishing for maybe a total layout of $100K per bank for deploying DKIM. That compares to the 7 figure sums currently being spent on takedown services. Secure Letterhead for SSL is much cheaper. We can get maybe 20% penetration in a short time. It will take us a long time, maybe three years to get to 80% or more penetration. If we had started in 1998 we would be done now. > The *problem* that I think everyone is overlooking, is that > authentication is NOT the kind of problem that *can* be > broken down into nice tidy discreet solutions. You can't > have Chrome as a single solution - chrome is just a small > part of a solution - and no part of the chrome component can > be developed in isolation from the rest (2-way > identification, multifactor authentication, identity > handling, etc etc). I know this is ugly, an administrative > nightmare, a lot of work, a privacy nightmare, and irritating > to have to explain to non-techies - but whatever bit you > leave out will be the weak link that brings you down in the end. It is one point out of 12 or so on the dotcrime manifesto. If you want to see my roadmap and where it fits in I will be happy to send it to you.
Received on Tuesday, 13 June 2006 02:33:47 UTC