Comment by throwway120385

2 years ago

Right now it's easy for me to buy a look-alike domain name for a bank, host a page on that domain that looks like a bank's login page, and pass through to the real bank to take over someone's account in an automated fashion. TLS doesn't prevent me from doing that.

What TLS does do is ensure that when I communicate with a third party on the internet, that communication can't be intercepted by any intervening switches or routers. TLS per se does not have any other properties. However, we've constructed a system of chains of trust using TLS certificates and trusted third parties. That system is not a technical system and TLS does not have the innate property of enabling you to trust or not to trust someone.

It's an important distinction because the PSTN and our system of TLS Certificate Authorities are social solutions to a social problem. And so suggesting that TLS somehow magically has a property that it prevents fraud is hard for me to follow, because fraud is also a social problem and you can't use technology to solve social problems. Technology can be used to lubricate, to bring people together, and to ensure that conventions are followed and that people's solutions can interoperate. But the real innovation in TLS from a fraud perspective is actually the network of companies, nonprofits, third parties, and government agencies who have collectively established root Certificate Authorities and who have ensured that those CAs control who you trust. None of that is specified in any RFC. It's entirely something we humans made up after someone created an enabling technology.

As for problems with PSTN, there are similar technical solutions, but largely PSTN fraud and spam are a social problem and require social interventions. This is why we have the FCC in the US, for example, because when the scope of an intervention becomes large enough it has to be administered by someone. When you say PSTN doesn't work because of fraud and spam, in my mind what you're saying is that the FCC does not do enough to prevent fraud and spam.
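An added illustration of the point made in the comment above, not part of throwway120385's post: a TLS client only checks that the presented certificate chains to a trust anchor someone chose to ship in the local trust store, and that a subjectAltName matches the hostname the client asked for. Neither check says anything about whether that hostname is the bank. The Python below models exactly those two checks; the certificate records, trust anchor name and domain names are constructed for the example, and signature, validity-period and revocation checks are omitted, so it shows what is being decided, not how a real validator proves it.

```python
"""Model of the two checks a TLS client makes before trusting a server.

Assumptions (constructed for this example, not from the original comment):
certificates are dicts with 'subject', 'issuer' and 'sans' keys; the chain
walk compares names only and does not verify signatures, expiry or
revocation.
"""


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match a DNS-ID from a certificate against a hostname.

    Follows the wildcard rules of RFC 6125 section 6.4.3: a wildcard is only
    accepted as the whole leftmost label, it matches exactly one non-empty
    label, and wildcards in a two-label name ("*.example") are refused.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    if p_labels[0] != "*":
        return False  # "w*.bank.example" style partial wildcards are rejected
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: dict, hostname: str) -> bool:
    """Check 2: does any subjectAltName cover the requested hostname?"""
    return any(dns_name_matches(san, hostname) for san in cert["sans"])


def chain_to_anchor(chain: list, trust_anchors: set) -> bool:
    """Check 1: does the chain (leaf first) end at a locally trusted root?

    Each certificate's issuer must be the subject of the next one, and the
    final issuer must be a name in the trust store handed to us.
    """
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child["issuer"] != parent["subject"]:
            return False
    return chain[-1]["issuer"] in trust_anchors


def tls_client_accepts(hostname: str, chain: list, trust_anchors: set) -> bool:
    """A connection is accepted when both checks pass; nothing else is asked."""
    return chain_to_anchor(chain, trust_anchors) and cert_matches_host(chain[0], hostname)


# Constructed sample data: whoever ships the trust store decides the anchors.
TRUST_ANCHORS = {"Example Root CA"}

INTERMEDIATE = {"subject": "Example Issuing CA 1", "issuer": "Example Root CA", "sans": []}
REAL_BANK = {
    "subject": "bank.example",
    "issuer": "Example Issuing CA 1",
    "sans": ["bank.example", "www.bank.example"],
}
# A look-alike domain with its own, perfectly valid, certificate.
LOOKALIKE = {
    "subject": "bank-login.example",
    "issuer": "Example Issuing CA 1",
    "sans": ["bank-login.example"],
}


def demo() -> dict:
    """Run the four cases that make the point; returns the client's verdicts."""
    return {
        "real": tls_client_accepts("www.bank.example", [REAL_BANK, INTERMEDIATE], TRUST_ANCHORS),
        # Both checks pass: the look-alike is exactly who it claims to be.
        "lookalike": tls_client_accepts("bank-login.example", [LOOKALIKE, INTERMEDIATE], TRUST_ANCHORS),
        # Same certificate, empty trust store: rejected, because of a policy choice.
        "untrusted_root": tls_client_accepts("bank-login.example", [LOOKALIKE, INTERMEDIATE], set()),
        # The look-alike certificate cannot be used to impersonate the real name.
        "wrong_host": tls_client_accepts("bank.example", [LOOKALIKE, INTERMEDIATE], TRUST_ANCHORS),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15s} accepted={verdict}")
```

The "lookalike" and "untrusted_root" cases are the ones to compare: the only thing that separates them is the contents of the trust store, which is a decision made by browser and OS vendors, not anything the protocol checks. The "wrong_host" case shows what TLS does guarantee, that a certificate for one name cannot be presented for another.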