[cap-talk]... identifiability - what to bind to,
implications for capabilities (was Firefox, etc., marcs)
Jed at Webstart
donnelley1 at webstart.com
Tue Feb 8 21:51:23 EST 2005
At 10:09 AM 2/8/2005, marcs wrote:
> > > legacy for the foreseeable future. But any confusion caused
> > by the text in the URL itself is due to the non-pet-name logic of DNS.
> >
> > And so we can go round this loop again. You propose to "fix" this
> > problem by removing all meaning from the URL. How do I then find out
> > what the URL is good for?
>
>Great question. It is clarifying to think about this problem in a world
>where URLs truly have all meaning removed from them...
>Now I have a site that my friend Bob trusts as a place to find other sites,
>I give it the pet name Bob's Goggle. I type in "paypal", and go to the first
>hit and the default name suggested as a pet is bob's goggle's paypal.
>
>Meanwhile, I also ask alice for her favorite search site. She's got one she
>calls Google, which she sends me. If this is the same site as bob's goggle,
>my user interface notes that, and I have new confidence in Goggle...

How do you determine that the 'site' is the same? Do you do a
URL or DNS or IP match? It seems to me you leave yourself
vulnerable to IP or DNS spoofing or even just being on another
network. You also have the possibility of missing the identity
if one URL you receive uses a DNS and another an IP or
a DNS alias or ...

It seems to me what you want to do the identity match on is
something like a key fingerprint. If you treat the address portion
of the URL as really just a hint of how to reach the intended
destination but demand a public key fingerprint match to
determine the identity then it seems to me you have a pretty
strong system.

One interesting aspect of this thinking for me is that in most of
my past capability thinking I've focused on the concerns of assuring
the server that a client is presenting a valid capability. I haven't
focused on the concern of the client that it's communicating
with the appropriate server - also a valid concern.

--Jed http://www.webstart.com/jed/
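
The fingerprint match proposed in the message above, sketched as an added example that is not part of the original post or of any cap-talk project. The `Referral` tuple, the `PetNameStore` class and the sample keys and addresses are all assumptions made for illustration; `presented_key` stands for a public key the transport has already shown the server to hold.

```python
import hashlib
from typing import NamedTuple, Optional


class Referral(NamedTuple):
    address: str      # DNS name, alias or IP literal: only a hint for reaching the site
    fingerprint: str  # SHA-256 hex of the site's public key: the identity


def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()


class PetNameStore:
    """Hypothetical pet-name table keyed by key fingerprint, never by address."""

    def __init__(self) -> None:
        self._names = {}  # fingerprint -> pet name chosen by the user
        self._hints = {}  # fingerprint -> every address hint seen for that key

    def learn(self, ref: Referral, suggested_name: str) -> str:
        """Record a referral and return the pet name bound to its key."""
        self._hints.setdefault(ref.fingerprint, set()).add(ref.address)
        # An already-known key keeps its existing pet name, whatever the address.
        return self._names.setdefault(ref.fingerprint, suggested_name)

    def identify(self, ref: Referral, presented_key: bytes) -> Optional[str]:
        """Return the pet name only if the presented key matches the referral."""
        if fingerprint(presented_key) != ref.fingerprint:
            return None  # the address answered, but under a different key
        return self._names.get(ref.fingerprint)


# Constructed sample data: stand-in key bytes and documentation addresses.
SITE_KEY = b"constructed public key of the search site"
SPOOF_KEY = b"constructed public key of an impostor"
FROM_BOB = Referral("goggle.example", fingerprint(SITE_KEY))
FROM_ALICE = Referral("192.0.2.10", fingerprint(SITE_KEY))

if __name__ == "__main__":
    store = PetNameStore()
    print(store.learn(FROM_BOB, "Bob's Goggle"))    # first sighting binds the name
    print(store.learn(FROM_ALICE, "Google"))        # same key, so same site
    print(store.identify(FROM_ALICE, SITE_KEY))     # key matches the referral
    print(store.identify(FROM_BOB, SPOOF_KEY))      # spoofed address, wrong key
```
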