The Internet and email is old at this point.

It can be reasonably argued that email links are a significant threat vector right now.

So far, we just keep trying to sandbox links or scan attachments, but it’s still not stopping the threat.

My questions for comment:

  • Would removing anonymity from email reduce or remove this threat? If business blocked all uncertified email senders, would this threat be gone?
  • Why can’t we do PKI well after a few decades?
  • Does anyone believe PKI could apply to individuals? In the context of identity for email, accounts, etc?

I see services like id.me and others and wonder why we can’t get digital identity right and if we could, would it eliminate some of the major threats?

Image credit: https://www.office1.com/blog/topic/email

Edit, post not related to the site or any service, just image credit.

  • MSgtRedFox@infosec.pubOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    Interesting. I do wish our government identity extended to online. Instead of signing into a bunch of websites with a Google account, I think a us government or state account would be nice. One account, PKI in your driver’s license or some other passkey like device.

    I guess the trade would be protection of that digital ID and the system running it. We already have identity theft. I hope it would be harder if you have to digitally sign a bunch of stuff with you driver’s license. Most people probably don’t have experience with common access cards or tokens though.

    • HubertManne@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      yes and you should never have to worry about losing it do to it being like canceled and you should be able to clear up any support issues at the post office.