[cap-talk] Firefox breaks the principle of identifiability

Ka-Ping Yee cap-talk at zesty.ca
Tue Feb 8 19:11:52 EST 2005


On Tue, 8 Feb 2005, Ben Laurie wrote:
> > Suppose the user sees "paypal.com" in the URL field while establishing a
> > trust relationship with the site.  Users reasonably expect that if they
> > then type "paypal.com" back into that URL field, they will get back to
> > the same site.
> >
> > If the URL field initially contained "p\u0430ypal.com" instead of
> > "paypal.com", identifiability is violated because typing in "paypal.com"
> > takes the user to a different site than the original site where the
> > trust relationship was established.
[...]
>
> If you always type the URLs of sites you want to trust, this problem
> does not occur.

First, asking people to stop clicking on links is infeasible and
defeats the whole point of having a Web in the first place.

Second, the problem is more complex.  Consider these examples:

(a) Assume that i trust you and i have somehow managed to get myself
    to your website with some assurance.  Your web page says "I use
    Paypal and i recommend it.  Get your own account at paypal.com."
    Instead of clicking the link, i type "paypal.com" in the bar.

    But what if you meant to recommend "p\u0430ypal.com"?  Because
    the Cyrillic "a" and Latin "a" are indistinguishable, i have now
    gone to the wrong site even though i typed in the URL as i saw it.

    The point: visibly indistinguishable URLs are inevitably a
    problem as long as users are allowed to type them in.


(b) Assume i trust the EFF and i have correctly arrived at their
    website.  I want to make a donation.  The EFF webpage at

    http://www.eff.org/support/joineff-paypal.html

    provides a bunch of links for making donations with Paypal.
    Here is the URL for donating $25:

    https://secure.paypal.com/xclick/business=accounting%40eff.org&item_name=EFF+Membership&item_number=Budget&amount=25.00&return=http%3A//www.eff.org/support/thanks.html

    That link is important because it establishes the trust
    relationship between EFF and the account where Paypal will
    deposit the money.  Do you expect the user to type in that
    entire URL?


(c) Assume that i like the E project and i want to make a donation
    in e-gold.  The page at

    http://erights.org/donate.html

    provides e-gold's donation form.  But it's not a link i can type
    into the location bar; e-gold needs me to fill out the form.
    Your rule of always typing in URLs can't work here.


-- ?!ng
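
The homograph case discussed in the message above, as an added example that is not part of the original post: a location bar could fall back to the ASCII (punycode) form whenever a single label mixes scripts, so "p\u0430ypal.com" no longer looks like "paypal.com". The function names are hypothetical, the script test is a heuristic based on Unicode character names, and Python's built-in IDNA 2003 codec stands in for a browser's IDN handling.

```python
import unicodedata


def script_of(ch):
    """Approximate a character's script from its Unicode name (heuristic)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits, hyphen
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def label_scripts(label):
    """Set of scripts used in one DNS label, ignoring script-neutral characters."""
    return {script_of(c) for c in label} - {"COMMON"}


def to_ascii(host):
    """ASCII form of the host name, i.e. the name that is actually looked up."""
    return host.encode("idna").decode("ascii")


def display_form(host):
    """Show the host as typed unless some label mixes scripts; then show punycode."""
    for label in host.split("."):
        if len(label_scripts(label)) > 1:
            return to_ascii(host)
    return host


def same_site(shown, typed):
    """True only if what the user saw and what the user typed resolve to one name."""
    return to_ascii(shown.lower()) == to_ascii(typed.lower())


if __name__ == "__main__":
    # Constructed sample input: the two host names from the message.
    for host in ("paypal.com", "p\u0430ypal.com"):
        print(repr(host), label_scripts(host.split(".")[0]), "->", display_form(host))
    print("same site:", same_site("p\u0430ypal.com", "paypal.com"))
```

A mixed-script check only covers the case in the message; a label written entirely in one non-Latin script that happens to resemble a Latin name passes it unchanged.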

