[cap-talk] Firefox breaks the principle of identifiability
Ian G
iang at systemics.com
Tue Feb 8 10:34:32 EST 2005
Jed Donnelley wrote:
>
> Forget the tedious typing. You give them your smart card (or
> something like) and they add a Petname binding to it.
This isn't a petname. At least as far as I
know a petname must be chosen and set
by the owner. If it is suggested by some
other agency, it is a nickname. Now, if
your model is that they give you a nickname
and you then elect that as a petname, that
would be ok.
(This might sound picky ... but the concept
of petname is quite rigourous in that it is
between the user's mind and their agent.
If that changes, then *all* security bets are
off, I suspect, and we have to go back to
the drawing board.)
> You bring it home and plug it into your system with your browser
> running and the binding is uploaded. Or if you have secure access to
> their Web site you can pull down the binding from there.
Ah, this is more akin to an introduction.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
More information about the cap-talk
mailing list