[cap-talk] Firefox breaks the principle of identifiability

Ian G iang at systemics.com
Tue Feb 8 09:05:30 EST 2005


Mark Miller wrote:

>
> If the user ignores words, then they can't be misled by them. What 
> threat model are we addressing?


<thinks> that a URL is introduced into the
browser that shows a facsimile or mockup
of a trusted site.

The thing is that words are "low bit rate"
whereas logos can be "rich" which provides
a more efficient processing scenario for the
brain.  A picture is worth a thousand words,
and all that.  As the notion of who the site
is has more to do with the eventual presentation,
and some cunning trick pulled by the phisher,
a concentration on names and conflation is
probably only a subset of the security space.

> > Or, are you saying that
>
>> using logos is a subset of petnames, in your lexicon?
>
>
> A logo is only a Pet Logo if the choice of which logo to display 
> follows Pet Name logic. In that case, fine.


Is there anything anywhere that expands the
pet names concept to logos?   Or is this
something that evolved without anyone really
thinking about it?

Also, where is the "Pet Name logic" ?  I've seen
some views of this in PNML document, but the
logic seems more assumed than written.

"pet names are understood to be specific
(and private!) to the relationship between
two people."

http://www.erights.org/elib/capability/pnml.html


Random question:

Under what conditions does an agent release
a petname?  Under what conditions does an
agent translate a petname?  How does an agent
deal with an incoming petname?

> I've only skimmed 
> http://www.cs.biu.ac.il/~herzbea//Papers/ecommerce/spoofing.htm , but, 
> as far as I could tell, they don't use Pet Name logic to determine 
> what logo to display. If indeed they don't, then these wouldn't be Pet 
> Logos, and I fail to see how this system would then solve the problem.
>

I've put a lot of time into understanding and
integrating the ideas in that paper.  I agree
that it might not be expressed very well, that's
the problem with an overly rich subject space,
I suspect.  I had to spend a lot of time talking
to Amir before I could wrap my head around
what he was trying to do.  To be fair, he had
to do the same to understand my perspective.

My understanding is that it does use a logic
akin to the logic behind pet names.  But, until
now, it never occurred to me that this logic might
be generalised in such a fashion.  And even
now, I'm not sure.  I'd really need to compare
the two in depth to see, and both are incompletely
documented and there are only so many hours
in a day.

As an aside, not necessarily disconnected,
I spent a few moments reviewing Zooko's
triangle last night, and tied in the Ricardian
Contract as a Type 4 in his numbering.  Now,
the crossover is that Zooko's triangle is I'd
assert more foundational than the pet names
structure, as it is the foundation on which pet
names sits.  Or, to put it another way, pet
names may be one bug fix to the law of ZT.
Or, a third way is that this is the engineer's
viewpoint, and this is an engineering problem
as much as it is a theoretical security problem.

iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/



More information about the cap-talk mailing list