[cap-talk] Firefox and identifiability, small steps or large
Ian G
iang at systemics.com
Tue Feb 8 22:22:24 EST 2005
Jed at Webstart wrote:
> At 10:23 AM 2/8/2005, Ian G wrote:
>
>> Ben Laurie wrote:
>> ...
>> A much better approach is to work with small
>> changes in what we have available. For example,
>> the simple change to Firefox 1.0 that makes the
>> URL bar yellow on SSL will (IMHO) do more to
>> defend against phishing than the more complete
>> approaches developed here - simply because it
>> is there, and in the hands of users.
>
>
> While I agree that such small changes can help
> and represent a valid and useful approach in the
> short term, I also believe that there are times where
> the basic underlying model is broken or at least
> needs more radical repair to solve an important
> problem.
I think we are all agreed that the PKI
model as deployed is "broken or in need
of radical repair."
However, where I think I differ from
some is that I don't see that it is possible
to change the model that is in place that
much. In that, I know of no event that is
likely to cause the browser manufacturers
to change their code base over drastically
and put in a new security model.
So I see working with the current security
model - sucky as it is - as about the only
hope. This is somewhat ironic, given my
past comments against the model, but
security is nothing if not practical and
deployed.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
More information about the cap-talk
mailing list