Re: [cap-talk] Re: First point of consensus
Tyler Close
list at waterken.net
Wed Feb 9 13:48:01 EST 2005
On Feb 9, 2005, at 1:12 AM, Ka-Ping Yee wrote:
>
> On Tue, 8 Feb 2005, Tyler Close wrote:
>> The three attack scenarios you listed in your
>> argument against the address toolbar all involve a website running a
>> phishing attack against itself, not against another website.
>
> I'm not sure what you're referring to here. If you are talking about
> the message in which i listed (a) being recommended "p\u0430ypal.com"
> and typing in "paypal.com", (b) users not wanting to type in long
> URLs, and (c) e-gold donations requiring a form submission, then
> what you say above doesn't make sense to me. There are no websites
> running phishing attacks against themselves in my examples.
I should have only referred to example (a). You are right that the other
two examples are not relevant.
In (a), the trusted site chose the name "p\u0430ypal.com" for itself, a
name that is readily confused with "paypal.com". The trusted site is
doing the exact opposite of what the Shmoo URLs do. The trusted site is
tricking its own users into going to a different site. I categorize
this scenario as a site running a phishing attack against itself. Do
you understand why I make this categorization?
Do you have any other attack scenarios?
>> My biggest concern about interplay with other navigation mechanisms
>> is addition of other anti-phishing features. Some have been naively
>> arguing for a kitchen sink approach to the problem. I worry that
>> such an approach will make the user interaction model so complex
>> that the user will be befuddled.
>
> It's quite conceivable that the user could be befuddled just from
> having to deal with two navigation/identification mechanisms
> (petname + URL field) instead of one. That's why i think
> [petname + URL field] is not necessarily a win over [URL field] alone.
> I think it's worth considering alternative petname designs. (I'm
> still mulling over design possibilities here, nothing to present yet.)
We know that [URL field] alone is a disaster. I don't see how adding the
petname toolbar could make it worse. On the other hand, if we can
convince browser manufacturers to add the petname toolbar, we can
always advise people to turn off the URL field. Today's browsers
already support turning off the URL field.
Tyler
---
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/
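As an added illustration of the exchange above (example code, not part of the original thread and not code from the Waterken project), the following Python shows why the two hostnames in example (a) defeat a URL field on its own, and how a petname store keyed on the exact wire-form hostname tells them apart. The two hostnames are taken from the thread; the `PetnameStore` class, the `to_ascii`/`differing_codepoints` helpers and the mixed-script heuristic are constructed for this example and are not a design anyone in the thread proposed.

```python
import unicodedata
from typing import List, Optional, Set, Tuple

# Hostnames from the thread: the genuine one and the look-alike whose second
# letter is CYRILLIC SMALL LETTER A (U+0430) instead of LATIN SMALL LETTER A.
REAL_HOST = "paypal.com"
SPOOF_HOST = "p\u0430ypal.com"


def to_ascii(host: str) -> str:
    """Return the IDNA (punycode) form of a hostname, i.e. what the DNS query
    and the TLS handshake actually carry. Labels that are pure ASCII are
    unchanged; an internationalised label gets an 'xn--' prefix."""
    return host.encode("idna").decode("ascii")


def differing_codepoints(a: str, b: str) -> List[Tuple[int, str, str]]:
    """List (index, codepoint_a, codepoint_b) for every position where two
    equal-length strings differ. For the two hosts above the list has exactly
    one entry, which is why they render identically in most fonts."""
    assert len(a) == len(b), "helper assumes equal-length strings"
    return [
        (i, "U+%04X" % ord(x), "U+%04X" % ord(y))
        for i, (x, y) in enumerate(zip(a, b))
        if x != y
    ]


def scripts_in_label(label: str) -> Set[str]:
    """Scripts used by the letters of one DNS label, approximated by the first
    word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...).
    Digits and hyphens are treated as script-neutral and skipped."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch).split()[0])
    return scripts


def is_mixed_script(host: str) -> bool:
    """Heuristic (constructed for this example): flag a hostname if any label
    mixes letters from more than one script. This catches 'p\u0430ypal' but not
    a label written entirely in a confusable script, so it is a check, not a
    fix."""
    return any(len(scripts_in_label(label)) > 1 for label in host.split("."))


class PetnameStore:
    """Hypothetical backend for a petname toolbar. The user assigns a name to a
    site; lookups are keyed on the exact ASCII wire form of the host, so a
    Unicode look-alike never matches and the toolbar shows no petname for it."""

    def __init__(self) -> None:
        self._names = {}

    def assign(self, host: str, petname: str) -> None:
        self._names[to_ascii(host)] = petname

    def lookup(self, host: str) -> Optional[str]:
        return self._names.get(to_ascii(host))


def demo() -> dict:
    """Run the comparison once and return the results in a dict."""
    store = PetnameStore()
    store.assign(REAL_HOST, "PayPal")
    return {
        "display_equal": REAL_HOST == SPOOF_HOST,
        "diff": differing_codepoints(REAL_HOST, SPOOF_HOST),
        "real_wire": to_ascii(REAL_HOST),
        "spoof_wire": to_ascii(SPOOF_HOST),
        "spoof_mixed_script": is_mixed_script(SPOOF_HOST),
        "real_petname": store.lookup(REAL_HOST),
        "spoof_petname": store.lookup(SPOOF_HOST),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-20s %r" % (key, value))
```

The wire form makes the point of the thread concrete: the user sees two identical strings, but the browser is talking to `xn--pypal-4ve.com`, and a petname assigned to `paypal.com` simply does not appear for it. The mixed-script check is the kind of extra heuristic the thread worries about piling on; it is shown here only to make clear that it is independent of, and weaker than, the exact-identity match.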