First point of consensus (Was: [cap-talk] Firefox breaks the principle of identifiability)

Tyler Close list at waterken.net
Tue Feb 8 16:22:02 EST 2005


I've created another consensus email that contains all the relevant
information.

On Feb 7, 2005, at 8:43 PM, Ben Laurie wrote:
>
> Tyler Close wrote:
>> In a phishing attack, a spoof site impersonates a trusted site so
>> as to intercept the high value communications between the user and
>> the trusted site. The introduction and creation of a trust
>> relationship has already occurred, and the phisher is trying to
>> subvert this existing relationship. To defend against phishing, we
>> need only prevent subversion of existing trust relationships.
>>
>> For example, people with Paypal accounts already have a connection
>> and trust relationship with the Paypal website. The phisher wants
>> to get the password for this existing Paypal account. We can defeat
>> the phisher by preventing impersonation of the Paypal website.
>>
>> Do you agree that the petname toolbar prevents phishing attacks,
>> as they are defined in this email?
>
> I agree that petnames will prevent spoofing an existing URL, indeed.

Consensus on this point in the cap-talk list could be a valuable tool in
persuading browser manufacturers to include the petname toolbar feature
in their product. Please add a reply to this thread if you agree and
wish to see the petname toolbar added to browsers.

The petname toolbar is described at:

http://www.waterken.com/dev/YURL/Name/

Tyler

---
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

