[cap-talk] Firefox breaks the principle of identifiability
Ben Laurie
ben at algroup.co.uk
Tue Feb 8 01:38:12 EST 2005

Jed Donnelley wrote:
> At 09:16 PM 2/7/2005, Ben Laurie wrote:
>
>> Jed Donnelley wrote:
>>
>>> At 08:29 PM 2/7/2005, Ben Laurie wrote:
>>> ...
>>> For example, I gave the example where someone I trust could say, "If
>>> you visit the site, view
>>> its SSL certificate and find that its MD5 Fingerprint is
>>> A9:04:4D:...:E2:31:9A then I can trust
>>> that it's "Paypal" the organization that you can place some trust in."
>>> Does that answer your question?...
>>
>>
>> I agree it solves the problem of confusable URLs. I can't get very
>> excited about that without a solution to the problem of how I
>> realistically get hold of things to associate petnames with.
>> Currently, if I want to go to Paypal's site, I type it in - petnames
>> don't help me.
>> ...
>> This would work. I don't believe it is practical.
>
>
> What don't you believe is practical? The communication of the trust
> relationship from one
> entity to another (e.g. from your existing bank to Paypal) or the
> binding of the communicated
> trust to a Petname? Or something else?

The physical communication of trust relationships.

> It seems to me that if I have an existing trust relationship and via
> known secure communication
> with that trusted entity I receive a message like:
> _________________________________________________________________________
> You can trust the entity at www.paypal.com with the certificate with MD5
> Fingerprint:
>
> A9:04:4D:C2:74:5E:05:D9:28:44:E0:8C:53:E2:31:9A
>
> to be the "Paypal" service as I describe in this document. You may
> assign it
> the Petname "Paypal" and trust it as described herein.
> __________________________________________________________________________
>
> The one thing I think might be missing is the binding of the Petname to the
> fingerprint. Binding it to an IP address or DNS name has known problems.
> If there was a binding to a fingerprint as above (I don't know, there
> may be),
> would that suffice? Would you consider that 'practical'? If not, why not?

Let's say I start with actually visiting my bank, and getting the
fingerprint of their cert. I then tediously type that into my machine.
Now I can go to the bank's website, and find their trustable link to
PayPal. So, I go to PayPal and transfer some money from my bank into my
PayPal account. I want to buy something with that money, so I follow
PayPal's trustable link to eBay. On eBay, I find Joe Sixpack selling the
something, so I follow eBay's trustable link to Joe Sixpack. Joe Sixpack
has a friend, Evil Bastard, and a trustable link to him on his website.
Now I have a trustable link to Evil Bastard (who Joe Sixpack described
as escrow.com). I give my money to Evil Bastard, who promptly disappears,
as does Joe Sixpack.
How did this chain of trust help me?

Cheers,
Ben.
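
The following Python example is added here and is not from either poster. It shows a petname table keyed on the certificate fingerprint rather than the DNS name, as discussed in the thread, and keeps a label that a petnamed site gives to a third party separate from any petname the user assigned. `PetnameStore`, its methods, the use of SHA-256 in place of the MD5 fingerprint quoted above, the host `escrow.example`, and the byte strings standing in for certificates are all assumptions.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of certificate bytes."""
    h = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

class PetnameStore:
    """Hypothetical store: petnames are keyed by fingerprint, never by DNS name."""

    def __init__(self):
        self._petnames = {}   # fingerprint -> name the user chose
        self._referrals = {}  # fingerprint -> (introducer's petname, introducer's label)

    def assign(self, cert_der: bytes, petname: str) -> None:
        fp = fingerprint(cert_der)
        owner = next((f for f, n in self._petnames.items() if n == petname), fp)
        if owner != fp:
            raise ValueError(f"petname {petname!r} is already bound to another key")
        self._petnames[fp] = petname

    def record_referral(self, introducer_der: bytes, target_der: bytes, label: str) -> None:
        introducer = self._petnames.get(fingerprint(introducer_der))
        if introducer is None:
            raise ValueError("referrals are only accepted from petnamed sites")
        self._referrals[fingerprint(target_der)] = (introducer, label)

    def describe(self, hostname: str, cert_der: bytes) -> str:
        # hostname is deliberately ignored: only the presented key decides.
        fp = fingerprint(cert_der)
        if fp in self._petnames:
            return f"petname: {self._petnames[fp]}"
        if fp in self._referrals:
            who, label = self._referrals[fp]
            return f"no petname ({who} calls this {label!r})"
        return "no petname (unknown key)"

# Constructed stand-ins for DER certificates; real code would hash the peer's certificate.
PAYPAL, LOOKALIKE, SELLER, ESCROW = b"cert-paypal", b"cert-lookalike", b"cert-seller", b"cert-escrow"

def demo() -> list:
    store = PetnameStore()
    store.assign(PAYPAL, "Paypal")
    store.assign(SELLER, "Joe Sixpack")
    store.record_referral(SELLER, ESCROW, "escrow.com")
    return [store.describe("www.paypal.com", PAYPAL),
            store.describe("www.paypal.com", LOOKALIKE),
            store.describe("escrow.example", ESCROW)]

if __name__ == "__main__":
    print("\n".join(demo()))
```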