[cap-talk] Firefox breaks the principle of identifiability

Ian G iang at systemics.com
Tue Feb 8 19:31:01 EST 2005


Jed at Webstart wrote:

>
> <As I noted elsewhere in a later message> of course
> the Petnames are managed by the user.  The interface
> could look something like:
>
> "Bank of America suggests the binding of the name
> 'Paypal' with the URL https://www.paypal.com/
> and the certificate fingerprint:
> A9:04:4D:C2:74:5E:05:D9:28:44:E0:8C:53:E2:31:9A
>
> The 'Paypal' Petname is available.  Would you like
> to assign this name as above?"


With the caveat that even suggesting a petname
is frowned upon by some .. I agree with the above.

(I've not really made up my mind about the notion
of petname rigour on this particular question.)

>
> What I really want to hear are criticisms that suggest
> fundamental flaws in the available mechanisms/tools.
> For example, I feel that merging of the URL with the SSL
> certificate fingerprint adds security to the Petname binding.
> I'd be interested to hear criticism of that underlying
> mechanism.


My own preference is to use the cert as is.

Adding in the URL as well doesn't seem to
add enough;  we already have issues with
wildcard domains and so forth that confuse
users enough to make the URL <--> cert
mapping suspicious.

Then, the petname is placed on the cert,
and URLs can be added as additional names
if the application desires.  A good system
would (I claim without too much thought)
have a capability for many aliases.

(Also, as posted elsewhere, the key/cert is
equivalent to the fingerprint.)

> From my perspective the fundamental nut of the mechanism is the
> ability to communicate some trust from one trusted entity to
> another, in the case under consideration where they both
> speak digital.  And of course the communication is to a user
> at a browser ultimately using a Petname or Petlogo.  I believe
> the "tedious typing" criticisms are bogus as I feel they apply
> only to the interface between analog and digital.


Right.  There are three components here:

   1.  the Introduction, which arives from someone you trust,
   2.  the addition of this pointer to your name database, and
        the selection of your pet name, and
   3.  an arrival of some more trust-adding information
        on some pointer you already have.

Now, as a basic mechanism that sounds fine.  I also
think the typing part is something that will be
finessed once the basic structure is laid out.  I.e.,
parts 1,3 fall out in the wash.

However, I suspect none of this reaches the realms
of practicality until it is decided what the basic
unit of trust is going to be in the browser.  Right
now it might be an x.509 key.  Other proposals have
been made.  Unfortunately, we can't see enough
into the future to be able to decide how that is
going to play out, so until we do know, John Halleck's
criticism rules, IMHO.


iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/



More information about the cap-talk mailing list