[cap-talk] Firefox breaks the principle of identifiability
Mark Miller
markm at cs.jhu.edu
Mon Feb 7 21:42:01 EST 2005
Ian G wrote:
> Mark Miller wrote:
>
>>
>>> Secondly, petnames may "solve" the problem in theory, but are
>>> not as well as logos.
>>
>> I have no problem with Pet Logos, so long as they follow the Pet Name
>> logic. (CapDesk uses Pet Icons in such a fashion in addition to Pet
>> Names.) In any case, could you explain a scenario where Pet Names are
>> insufficient?
>
> Yes, if the user ignores words.
If the user ignores words, then they can't be misled by them. What threat
model are we addressing?
> Or, are you saying that
> using logos is a subset of petnames, in your lexicon?
A logo is only a Pet Logo if the choice of which logo to display follows Pet
Name logic. In that case, fine. I've only skimmed
http://www.cs.biu.ac.il/~herzbea//Papers/ecommerce/spoofing.htm , but, as far
as I could tell, they don't use Pet Name logic to determine what logo to
display. If indeed they don't, then these wouldn't be Pet Logos, and I fail to
see how this system would then solve the problem.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list