[cap-talk] Firefox and identifiability, small steps or large

Ian G iang at systemics.com
Wed Feb 9 07:11:37 EST 2005 

David Hopwood wrote:

> Ian G wrote:
>
>> I think we are all agreed that the PKI
>> model as deployed is "broken or in need
>> of radical repair."
>>
>> However, where I think I differ from
>> some is that I don't see that it is possible
>> to change the model that is in place that
>> much.  In that, I know of no event that is
>> likely to cause the browser manufacturers
>> to change their code base over drastically
>> and put in a new security model.
>
>
> The "browser manufacturers" are not just Netscape and Microsoft any
> more. It really is practical to fix the open source browsers to do
> whatever we want; that solves part of the problem. The next problem
> would be to convince browser distributors (who are just developers
> like us), by rational argument, that these patched versions should
> be the "official" versions. In any case we won't get anywhere by
> assuming that it isn't possible to change anything.


Let me tell you where I've been trying to
do this for the last two years or so.  The
cryptography group run by metzdowd
appears to be where a lot of the crypto
programming community hangs out, and
is a "bastion" of Internet security thought.
There, the cryptographers will mostly
disagree with the notions presented here,
but the programmers will mostly agree.
However, 2 years ago, that was 95% against.
Now it's split 50-50.  That's just my guess,
and I'd love to hear from others on the
same forum as to whether they perceive
- observe, not assume - anything like that?

In the browser community the best place
is the mozilla groups crypto & security.
The programming community in Mozilla
is 100% against the notions discussed
here.  However some of the CAs and some
of the more non-technical folk are seeing
the merit, and the recent Shmoo thing
has sparked a big debate about why it
happened, which is very very positive
(for reasons I've already outlined).

(The reason the crypto programmers in
Mozilla believe that the HTTPS/PKI model
is correct is because nobody of authority
is telling them any different.  See the 1st
para above.  The programming team at
Mozilla are not crypto guys and they do
not question the model.  They are too
busy for that.)

The Konqueror group doesn't have a
forum at all, AFAICS, and the security
email hasn't responded.  Microsoft will
not do a thing until someone else succeeds
and shows them what to do.  Opera and
the others, I know not.

In terms of patched systems, something
very similar to this was done 3-4 years back
by a uni team.  The patch was not accepted,
but the paper remains a good one.  See
above.

The A&A paper includes more or less all
that is needed and is already coded up
as a plugin.  It more or less dominates the
pet name thing in architecture, and more
or less dominates it in its security approach
to phishing.  It's better thought out, and
has undergone critical review and migrated
because of some hard talking and some
scientific reasoning.

So, yes, we all who are working to deal with
phishing would certainly value your help.
But it would be a really good idea if any
one who wants to help starts from the
point of view of seeing what else is out
there and seeing what they can pick up on
and save effort on.  Science is done standing
on other's shoulders, and engineering is
done by using other's hard work.

iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/

More information about the cap-talk mailing list