[cap-talk] Firefox and identifiability, small steps or
large
Jed at Webstart
donnelley1 at webstart.com
Tue Feb 8 22:00:10 EST 2005
At 10:23 AM 2/8/2005, Ian G wrote:
>Ben Laurie wrote:
>...
>A much better approach is to work with small
>changes in what we have available. For example,
>the simple change to Firefox 1.0 that makes the
>URL bar yellow on SSL will (IMHO) do more to
>defend against phishing than the more complete
>approaches developed here - simply because it
>is there, and in the hands of users.
While I agree that such small changes can help
and represent a valid and useful approach in the
short term, I also believe that there are times where
the basic underlying model is broken or at least
needs more radical repair to solve an important
problem. In some such cases one is unable to get
to such a solution by the approach of only making
small changes. I believe it's also important to be
aware of the potential need for larger changes.
I believe the problem of the threat of Trojan
horses from executables on today's "ambient
authority" operating systems is such a situation.
I've seen this problem continue on for many, many
years with no discernable progress. I'm not sure
there is a "small steps" path to a solution.
As to this identity and trust binding problem, I'm
not sure.
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list