[cap-talk] Firefox breaks the principle of identifiability

Ka-Ping Yee cap-talk at zesty.ca
Tue Feb 8 00:53:05 EST 2005

On Mon, 7 Feb 2005, Mark Miller wrote:
> Ka-Ping Yee wrote:
> > Pet names only solve the problem as long as users are not allowed to
> > type URLs into the location bar.
> Not at all. They can type any URL they like into the URL-location field.

Suppose the user sees "paypal.com" in the URL field while establishing a
trust relationship with the site.  Users reasonably expect that if they
then type "paypal.com" back into that URL field, they will get back to
the same site.

If the URL field initially contained "p\u0430ypal.com" instead of
"paypal.com", identifiability is violated because typing in "paypal.com"
takes the user to a different site than the original site where the
trust relationship was established.

It seems to me that, for a Petname field to truly solve the IDN problem,
the URL field would have to be removed.  In that case, we'd have to come
up with a new way of bootstrapping trust in websites (e.g. getting from
a URL printed on a business card to the intended website).

-- ?!ng
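
The mismatch described in the message above, as an added example that is not part of the original post: it compares the host shown in the URL field with the host the user types back, and flags labels that mix scripts. The function names are hypothetical, script detection is approximated from Unicode character names, and Python's built-in IDNA 2003 codec stands in for whatever a browser actually uses.

```python
import unicodedata


def scripts_in(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def ascii_form(host):
    """The name that is actually resolved: IDNA ToASCII applied per label."""
    return host.encode("idna").decode("ascii").lower()


def check_identifiability(displayed, typed):
    """Compare the host shown in the URL field with what the user types back."""
    shown, entered = ascii_form(displayed), ascii_form(typed)
    mixed = [lbl for lbl in displayed.split(".") if len(scripts_in(lbl)) > 1]
    return {
        "displayed_ascii": shown,
        "typed_ascii": entered,
        "same_site": shown == entered,   # False means identifiability is broken
        "mixed_script_labels": mixed,    # labels a UI could flag or show as xn--
    }


# Constructed inputs: the two strings quoted in the message.
SPOOF = "p\u0430ypal.com"   # second letter is U+0430 CYRILLIC SMALL LETTER A
REAL = "paypal.com"

if __name__ == "__main__":
    for shown in (SPOOF, REAL):
        print(ascii(shown), check_identifiability(shown, REAL))
```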

