[cap-talk] Firefox breaks the principle of identifiability
Jed at Webstart
donnelley1 at webstart.com
Tue Feb 8 18:43:08 EST 2005
At 08:00 AM 2/8/2005, Tyler Close wrote:
>On Feb 7, 2005, at 10:25 PM, Jed Donnelley wrote:
>
>>At 09:37 PM 2/7/2005, Tyler Close wrote:
>>...
>>>I want to continue to delay the introduction discussion until we nail
>>>down the phishing part of the discussion, but I will get to it if you want to.
>>...
>>
>>I'm ready to hear it. Perhaps you could just point me to some stuff on
>>your YURLs.
>
>...We've had this discussion on cap-talk before (maybe before you arrived)
>and not made much progress. I suspect it's because everyone just piles all
>naming related problems onto the discussion all at once, and then we
>circle around it endlessly. Petnames + YURLS + keyword servers do provide
>a complete solution, but I guess it's just too much to communicate all at
>once. Petnames all on their own provide important and tangible benefits,
>and establishing that fact might make communicating the rest of the system
>easier.
I appreciate the historical perspective and also appreciate and agree with
that point about the value added by Petnames.
>The YURL Definition paper you've already seen is a requirements
>specification. The httpsy protocol is an implementation of these
>requirements. See:
>
>http://www.waterken.com/dev/YURL/httpsy/
Hooha! I'm delighted to see the YURL mechanism uses a "hash of a public
key" (essentially
equivalent to the certificate fingerprint I believe?). I just pulled that
binding out of my a**
for the discussion when I was trying to find a way to get involved. I'm
glad to see some
common thinking there.
I'll try to use your syntax and mechanism in future as it seems clear
you've put
more thought into it that what I was making up on the fly.
>This specification explains the crypto and networking part of the solution.
A little sparse perhaps, but seems workable.
>An example introduction scenario is examined in the paper at:
>
>http://www.waterken.com/dev/YURL/Schneier/
>The home page for all these papers is at:
>
>http://www.waterken.com/dev/YURL/
>
>There are many papers under that root that explore different parts of the
>naming problem. Taken together, they might give you a more complete
>picture of what we have in mind. For now, I want to continue to focus the
>discussion on the phishing aspect.
That sounds reasonable. To me it seems clear that isolating the name space
and putting it under the users
control (whether with Petnames or Petlogos or whatever) solves the business
of managing the name space.
Of course there's still the issue of binding (I hope I using common
terminology here) the name to a
communicating entity (again terminology), but that seems to be where
something like your YURL
mechanism comes into play.
>If we reach consensus on just that part, we will have made important
>progress, and done much better than we have on previous tries.
We all do our best...
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list