[cap-talk] Firefox breaks the principle of identifiability
Mark S. Miller
markm at cs.jhu.edu
Mon Feb 7 18:00:25 EST 2005
Ka-Ping Yee wrote:
> Pet names would be a good step toward a solution of this problem.
> However, i'm inclined to think that Unicode domain names are just
> inherently insecure and should not be used. Even if users learn
> to identify sites with pet names, they are still vulnerable to
> confusion if they look at the location bar, read the name there,
> and type it into the location bar later.
>
> What do you think of this problem?
How is it that Pet Names don't solve this problem?
Ian G wrote:
> You need more than just pet names. The central
> issues surround the domain as a trust vector,
> and its relationship to the certificate. If the
> domain matches ("is signed by") the cert, then
> it is accepted, and that domain is good.
Huh? How is it that Pet Names don't solve this problem?
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list