YURL, PetNames, etc.
Phishing is an attack upon the user’s mind. The attacks exploit human frailties in recognizing trusted entities and confusion in the user’s mind about what trust applies to a particular entity. Defending against phishing attacks requires defending the user’s mind by bolstering the user’s ability to identify and track his trust relationships.
In response to the IDN sploit: YURLs and PetNames. Short version: Assign a name of your own choosing to the hash of the pubkey of a trusted resource. (Now how do you establish that trust relationship in the first place? That part’s always tricky—any trust system is elegant if you already know whom you trust.)
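A minimal sketch of the petname idea summarized above, added here as an illustration and not taken from the YURL or PetName projects: the user's label is bound to the hash of a site's public key, so a lookalike hostname presenting a different key never inherits the label. The `PetnameStore` class, its methods, and the sample keys and hostnames are assumptions constructed for this example.

```python
import hashlib
import unicodedata


def key_fingerprint(pubkey_bytes: bytes) -> str:
    # Identity is the SHA-256 hash of the public key, never the hostname.
    return hashlib.sha256(pubkey_bytes).hexdigest()


def _fold(name: str) -> str:
    # Compare petnames after compatibility normalization and case folding.
    return unicodedata.normalize("NFKC", name).casefold()


class PetnameStore:
    """User-local map from key fingerprint to a name the user chose."""

    def __init__(self):
        self._by_fp = {}

    def assign(self, pubkey_bytes: bytes, petname: str) -> None:
        # Refuse a petname already bound to a different key, so two keys
        # can never appear to the user under the same label.
        fp = key_fingerprint(pubkey_bytes)
        for other_fp, name in self._by_fp.items():
            if other_fp != fp and _fold(name) == _fold(petname):
                raise ValueError(f"petname {petname!r} already names another key")
        self._by_fp[fp] = petname

    def lookup(self, pubkey_bytes: bytes):
        # Returns None for a key the user has never named.
        return self._by_fp.get(key_fingerprint(pubkey_bytes))

    def label(self, claimed_host: str, pubkey_bytes: bytes) -> str:
        # The claimed hostname is only an untrusted hint; it is rendered
        # with ascii() so non-ASCII lookalike characters show as escapes.
        name = self.lookup(pubkey_bytes)
        if name is None:
            return f"UNTRUSTED (site calls itself {claimed_host!a})"
        return name


def demo():
    store = PetnameStore()
    real_key = b"constructed-public-key-A"   # constructed sample key bytes
    other_key = b"constructed-public-key-B"  # constructed sample key bytes
    store.assign(real_key, "My Bank")
    # Second hostname is a constructed lookalike using Cyrillic U+0430.
    return (store.label("bank.example", real_key),
            store.label("b\u0430nk.example", other_key))
```

The sketch covers only lookup and labelling; how the user comes to trust a key before naming it is outside its scope, as the paragraph above notes.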
Update: The CapTalk mailing list has been abuzz about this problem. (start here; February archives)