[cap-talk] Firefox breaks the principle of identifiability
Jed at Webstart
donnelley1 at webstart.com
Mon Feb 7 23:36:54 EST 2005
At 07:56 PM 2/7/2005, Mark Miller wrote:
>Ben Laurie wrote:
>>Mark Miller wrote:
>>>Ben Laurie wrote:
>>>>The use case is surely where you see www.xn--paypal-4ve.com first and
>>>>assign that the pet name "paypal"?
>>>How did you come to see www.xn--paypal-4ve.com ?
>>It arrived in an email.
>Does your email reader render it as a link? If so, and if you haven't
>already assigned a Pet Name to this URL, then it would generate and render
>a "proposed Pet Name", such as "unknown-3", or perhaps one based on the
>site's nickname, such as "paypal-3". In the latter case, you know only
>that this is one of the sites that wish to be called "paypal". See
>Reading the raw text of the URL itself is about as meaningful as looking
>at the memory address of an object; and user interfaces should show them
>to us about as often. Of course, this isn't currently practical, because
>we're starting with a legacy of DNS names, and will co-exist with this
>legacy for the foreseeable future. But any confusion caused by the text in
>the URL itself is due to the non-pet-name logic of DNS.
>Many people have learned not to believe that any random piece of spam will
>make their penis bigger. Many have not learned this lesson. Once there's a
>practical alternative to reading URL strings, we should regard people who
>believe what a URL itself seems to say as we regard people who fall for
>spam. Likewise for people who take nicknames (and therefore the proposed
>pet names generated from them) too seriously.
>Yes, all this is a pain, and much less pleasant than what we might wish
>were possible. But wishing won't repeal Zooko's triangle. I know of no
>other way to actually solve the problem.
Let me see if I can address the issue that I think is being raised that I
believe to be independent of the original issue of "Firefox breaks the
principle of identifiability".
I believe as it seems Mark Miller does that the Petname mechanism solves
the identifiability confusion issue. However, what others seem to be
raising is the problem that still exists of establishing a trust
relationship with an identity. Naturally if someone I trust tells me, "Oh
yeah, you can trust 'Paypal' and uses my "Paypal" Petname I should
understand that such a recommendation is nonsense. The choice of the
Petname was mine, was essentially arbitrary, and can have no meaningful
relationship with the name "Paypal" that my trusted source refers to -
except in so far as I establish such a relationship.
So then what can someone I trust tell me that might induce me to trust this
identity I've established? They might tell me something about what the
site can communicate. For example, they might tell me that if I visit the
site and view the SSL certificate presented and I find that it's MD5
Fingerprint is A9:04:4D:...:E2:31:9A then I can trust that it's "Paypal"
the organization that I can place some trust in. They might tell me that
if I communicate with the IP address 126.96.36.199 then I can trust that
it's "Paypal" the organization that I can place some trust in, though we
all know about the problems with IP spoofing. Ditto DNS and DNS
spoofing. They might also tell me that if I view their certificate and I
see Organization (O) Paypal, Inc., Serial Number 16:CD:58:...:4D:3D:4f
Issued by Organization (O) VeriSign Trust Network then it's "Paypal" the
organization that I can place some trust in, though if they did so I would
stop trusting them :-)
I believe, however, that this issue of establishing a trust relationship
with an identity is independent of the original "Firefox breaks the
principle of identifiability" issue that I believe is solved with the
As Tyler says:
>Defending the integrity of introductions is also important, but it is a
>separate problem from phishing.
I believe I'm trying to say the same thing.
More information about the cap-talk