[cap-talk] Firefox breaks the principle of identifiability

[Jed at Webstart]

At 08:43 PM 2/7/2005, Ben Laurie wrote:
>Tyler Close wrote:
>...
>>Defending the integrity of introductions is also important, but it is a 
>>separate problem from phishing. I am happy to explain how YURLs are used 
>>to ensure the integrity of introductions, but let's progress in steps.
>
>I can figure that one out. I still want to know how I get my first 
>introduction.

Your first meaningful introduction is probably to your parents.  You build 
from there.  You build through whatever means of communication you have and 
how that communication goes.  For example in the case of the 
extraterrestrial communication that I mentioned (no physical contact) we 
would proceed to build up trust gradually with known identities (where 
encryption becomes important).  In such a case it seems the trust would be 
build on information exchange only, but building trust is still possible.

>BTW, I saw a domain spoofing attack today that did not attempt to subvert 
>an existing trust relationship. It was trying to get people to post their 
>pictures to a spoofed HotOrNot site. Frivolous, I'll admit, but 
>nevertheless, an example of an attackable transaction with value that does 
>not rely on an existing trust relationship and so cannot be prevented by 
>petnames (at least, not in the way described).

If somebody chooses to risk value in communication with an identity which 
no history of established trust - then that's their choice of course.  I 
don't see that as a problem to be solved but a privilege to be 
protected.  I continue to maintain that this discussion is quite far from 
"Firefox breaks the principle of identifiability".

--Jed http://www.webstart.com/jed/