[cap-talk] Firefox breaks the principle of identifiability

Ian G iang at systemics.com
Mon Feb 7 16:21:28 EST 2005


Ka-Ping Yee wrote:

>Unfortunately, so far the response to this announcement has only
>been "Oh well.  Too bad!"  No one can see any other way to make
>IDNs work.  The only solution is to turn off IDNs altogether.

Where have you seen this response? Over on the
crypto + security at mozilla groups there has been
quite a bit of chit chat on the problem, although
I grant that nobody who claims to be a member
of a security team has said anything yet.

>Pet names would be a good step toward a solution of this problem.

You need more than just pet names.  The central
issues surround the domain as a trust vector,
and its relationship to the certificate.  If the
domain matches ("is signed by") the cert, then
it is accepted, and that domain is good.

What should be done is that relationship should
be flipped and the cert should become the index
into the trust database.  So, if you are to use
petnames then they should be indexed off the
cert.  A more powerful notion is the use of logos
as is described in:

http://www.cs.biu.ac.il/~herzbea//Papers/ecommerce/spoofing.htm

(A less powerful notion, IMHO, is to display the
activity information like counts.  But, these are
all good ideas and they all deserve their day in
the sun.)

But it all starts with the cert - this is a cryptographically
secure identifier, and can support statements with
reliability.  Unfortunately, changing the browsers to
index their trust off of each cert has not been a
popular suggestion.  Hopefully, the Shmoo exploit
will help that along a bit.

>However, i'm inclined to think that Unicode domain names are just
>inherently insecure and should not be used.  Even if users learn
>to identify sites with pet names, they are still vulnerable to
>confusion if they look at the location bar, read the name there,
>and type it into the location bar later.

By this logic we should stop using language!

The IDN situation has always existed in the
domain system via PayPa1.com.  Should we
not accept digits in domains?


iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/
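
The cert-indexed petname lookup proposed in this message, as an added example that is not part of the original post and not code from any browser. The class and function names, the SHA-256 fingerprint as index, the `ascii()` rendering of unrecognised domains and the placeholder certificate bytes are all assumptions made for illustration.

```python
import hashlib


class PetnameStore:
    """User's trust database, keyed by certificate fingerprint, not by domain."""

    def __init__(self):
        self._names = {}  # SHA-256 fingerprint (hex) -> petname chosen by the user

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        # Assumption: SHA-256 over the certificate's DER encoding is the index.
        return hashlib.sha256(cert_der).hexdigest()

    def assign(self, cert_der: bytes, petname: str) -> None:
        self._names[self.fingerprint(cert_der)] = petname

    def lookup(self, cert_der: bytes):
        return self._names.get(self.fingerprint(cert_der))


def chrome_label(store: PetnameStore, domain: str, cert_der: bytes) -> str:
    """Label for the browser chrome. Only the certificate selects the petname;
    the domain string is shown (with non-ASCII escaped) but never trusted."""
    petname = store.lookup(cert_der)
    if petname is None:
        return f"[no petname] {ascii(domain)}"
    return f"[{petname}]"


# Constructed sample data: placeholder byte strings stand in for DER certificates.
KNOWN_CERT = b"constructed-cert-for-the-real-site"
OTHER_CERT = b"constructed-cert-for-the-lookalike"


def demo():
    store = PetnameStore()
    store.assign(KNOWN_CERT, "My payment account")
    return [
        chrome_label(store, "paypal.com", KNOWN_CERT),
        chrome_label(store, "paypa1.com", OTHER_CERT),       # digit look-alike
        chrome_label(store, "p\u0430ypal.com", OTHER_CERT),  # Cyrillic 'a' homograph
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

With the certificate as the index, a site that renews or replaces its certificate also shows up as having no petname until the user assigns one again.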


