[cap-talk] Firefox breaks the principle of identifiability
Mark Miller
markm at cs.jhu.edu
Tue Feb 8 10:39:30 EST 2005
Ian G wrote:
> Jed Donnelley wrote:
>> Forget the tedious typing. You give them your smart card (or
>> something like) and they add a Petname binding to it.
>
> This isn't a petname. At least as far as I
> know a petname must be chosen and set
> by the owner. If it is suggested by some
> other agency, it is a nickname. Now, if
> your model is that they give you a nickname
> and you then elect that as a petname, that
> would be ok.
>
> (This might sound picky ... but the concept
> of petname is quite rigourous in that it is
> between the user's mind and their agent.
> If that changes, then *all* security bets are
> off, I suspect, and we have to go back to
> the drawing board.)
Yes.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list