I fail to see how a anti-phishing blacklist is going to solve the problem. Who is going to manage the blacklist? Am I supposed to trust any unlisted site with my credit card details even if the SSL cert they're using is self-signed and completely bogus?
Looks like two sides of the same problem. You have to have a system of managing trust (CA's) or distrust (blacklists), but either way you will be running into problems if the maintainer is not doing a proper job (either because of greed, incompetence, incompability, market constraints etc)
Slashdot Mirror
I fail to see how a anti-phishing blacklist is going to solve the problem. Who is going to manage the blacklist? Am I supposed to trust any unlisted site with my credit card details even if the SSL cert they're using is self-signed and completely bogus?
Looks like two sides of the same problem. You have to have a system of managing trust (CA's) or distrust (blacklists), but either way you will be running into problems if the maintainer is not doing a proper job (either because of greed, incompetence, incompability, market constraints etc)