[cap-talk] Firefox breaks the principle of identifiability
Ben Laurie
ben at algroup.co.uk
Tue Feb 8 01:08:17 EST 2005
Ka-Ping Yee wrote:
> On Mon, 7 Feb 2005, Mark Miller wrote:
>
>>Ka-Ping Yee wrote:
>>
>>>Pet names only solve the problem as long as users are not allowed to
>>>type URLs into the location bar.
>>
>>Not at all. They can type any URL they like into the URL-location field.
>
>
> Suppose the user sees "paypal.com" in the URL field while establishing a
> trust relationship with the site. Users reasonably expect that if they
> then type "paypal.com" back into that URL field, they will get back to
> the same site.
>
> If the URL field initially contained "p\u0430ypal.com" instead of
> "paypal.com", identifiability is violated because typing in "paypal.com"
> takes the user to a different site than the original site where the
> trust relationship was established.
>
> It seems to me that, for a Petname field to truly solve the IDN problem,
> the URL field would have to be removed. In that case, we'd have to come
> up with a new way of bootstrapping trust in websites (e.g. getting from
> a URL printed on a business card to the intended website).
If you always type the URLs of sites you want to trust, this problem
does not occur.
More information about the cap-talk
mailing list