Activate PrivaSphere
You have verified your recipient "out-of-band" before - why am I asked to
do this again?
The recipient concerned unfortunately forgot their PrivaSphere password.
In order to keep account reactivation simple, we have to allow a password reset
based on an e-mail challenge.
This, however, makes it possible for adversaries who control infrastructure
transporting the recipient's mail to pose as the recipient.
In order to prevent such powerful adversaries from gaining access to messages they are not
intended to see, PrivaSphere's Trust Management System had to implement the following
measures:
- Upon password reset, all the recipient's previous messages are no longer accessible
by the recipient (or the adversary).
The recipient will have to ask the sender for a re-send of messages sent prior
to the password reset.
- You as the sender will be alerted once that has happened.
Therefore, you are prompted to verify the recipient "out-of-band" again: "Was it
you or an adversary?"
- This is a nuisance if it occurs frequently.
To keep this from happening: if you have a public key uploaded in your
"My Account" tab, (soon) any forgot-password challenge mail will be sent
in encrypted form. Then the PrivaSphere system will need neither to reset all the
trust relations nor to wipe your inbox.
- ...
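
The reset policy in the list above, modelled in Python as an added example (not PrivaSphere's code; every class, field and function name is hypothetical, and the encrypted-challenge branch models the planned behaviour the page describes):

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Message:
    sender: str
    body: str
    accessible: bool = True


@dataclass
class RecipientAccount:
    address: str
    public_key: Optional[str] = None  # key uploaded by the recipient, if any
    verified_by: set = field(default_factory=set)  # senders who verified out-of-band
    inbox: list = field(default_factory=list)


def reset_password(acct):
    """Apply the reset policy and report what the system must do next."""
    if acct.public_key is not None:
        # Challenge mail is encrypted to the uploaded key: controlling mail
        # transport is not enough to answer it, so trust and inbox are kept.
        return {"challenge": "encrypted", "locked": 0, "alert_senders": []}
    # Plain e-mail challenge: anyone able to read the mail could have answered.
    locked = 0
    for msg in acct.inbox:
        if msg.accessible:
            msg.accessible = False  # recipient must ask the sender to re-send
            locked += 1
    alert = sorted(acct.verified_by)  # each must verify out-of-band again
    acct.verified_by.clear()
    return {"challenge": "plain", "locked": locked, "alert_senders": alert}


def readable(acct):
    return [m.body for m in acct.inbox if m.accessible]


def demo():
    # Constructed sample data: one recipient, two senders who verified them.
    bob = RecipientAccount("bob@example.org", verified_by={"alice", "carol"})
    bob.inbox += [Message("alice", "contract"), Message("carol", "invoice")]
    result = reset_password(bob)
    bob.inbox.append(Message("alice", "contract (re-sent)"))
    return result, readable(bob), bob.verified_by
```
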
Provided there is sufficient demand, we will additionally offer encrypted e-mail challenges with
keys that must be certified by a Certification Authority trusted by the
vendor-shipped root certificate store.
A still higher level of trust that our patent-pending Trust Management Architecture can
implement is to create system participant groups based on authentication methods beyond
simple client certificates - e.g.
on the level that is used for Internet Banking in some places (smart cards etc.).
Further information on PrivaSphere's Trust Management can be found
here - Message Unlock Codes.
More general information on PrivaSphere's Trust Management can be found
here.
More general arguments for why to trust PrivaSphere can be found
here.