Re: [cap-talk] Firefox breaks the principle of identifiability
list at waterken.net
list at waterken.net
Tue Feb 8 12:46:01 EST 2005
On Feb 7, 2005, at 8:43 PM, Ben Laurie wrote:
> The Shmoo example does not demonstrate anything about PKI (though it
> is true that the particular CA chosen doesn't tell you much about who
> bought the certificate, which would strike me as a fairly effective
> prevention of the attack - the CA was, however, chosen for cheapness,
> not usefulness).
So you view the Shmoo example [1] as a showcase of the PKI providing
effective prevention against a phishing attack?
My interpretation of the Shmoo example, and I suspect their intent, is
exactly the opposite. If we disagree on this point, we must have wildly
different understandings of the use model the WWW presents to users.
[1] http://shmoo.com/idn/
Tyler
---
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/
More information about the cap-talk
mailing list