Re: [cap-talk] Re: First point of consensus
Tyler Close
list at waterken.net
Wed Feb 9 17:18:02 EST 2005
On Feb 9, 2005, at 1:16 PM, Ka-Ping Yee wrote:
> The
> problem is merely that the assumptions you are making here are not
> well-defined enough for me to confidently say that adding a petname
> toolbar to an existing browser will prevent phishing.
I still think you are reading 'prevent' as 'preclude', but I am happy to
work on a wording that you and others will be comfortable with.
> We don't
> even know what it means to "correctly" design or implement petnames
> yet.
I think there's a lot of solid logic in my YURL Naming paper, much of
which is relevant to many of the sub-threads that are currently active.
See <http://www.waterken.com/dev/YURL/Name/>. I've spent a lot of time
thinking it over, restarted several times, and followed many alternate
approaches.
User foibles may mock my logic, but I think a successful user
interaction model for managing trust relationships requires a simple
and reliable logic at its core. Some may not want to admit it, but
today's phishers are attacking the faulty logic that underlies the
DNS/PKI.
> We don't know how it will interact with the user's use of
> other navigation mechanisms.
Your tests should be very informative.
> And yes, i am remaining open to the possibility that adding the
> petname toolbar without modifying anything else could do more harm
> than good. (For example, if users just start assigning names to
> everything out of habit, that could promote a false sense of trust.)
I would categorize this as the petname toolbar being presented out of
context. In my paper, I am very specific about when a petname should
be assigned. User training should make this point with equal emphasis.
> I find the form of the claim too broad. I think we may have a much
> better chance of finding consensus by starting with simpler
> statements, and building up from there. Here's an example I would
> support:
>
> When a user uses a petname instead of a domain name to
> identify a website, his or her vulnerability to misdirection
> is significantly reduced.
This statement talks about the change in terms of degree, whereas the
petname toolbar creates an absolute change in some aspects of the
problem.
For example, unlike the address toolbar, the petname toolbar is
incorruptible. The phisher cannot enlist the help of the petname
toolbar in deceiving the user. As the Shmoo URLs show, a correctly
implemented address toolbar can be made to assist the phishing
deception. This point is important and I suspect is near consensus on
the cap-talk list.
Talking about the petname toolbar solely in terms of degree gives the
impression that a highly skilled phisher will defeat an educated and
alert petname toolbar user. I think we can reach consensus that this
impression is false. What do you think?
Tyler
---
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/
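The "incorruptible" claim above comes down to where each display gets its text. An address bar shows a hostname the remote party chose, so a lookalike name (the Shmoo URLs were IDN homographs of this kind) renders exactly like the genuine one. A petname toolbar shows only a name the user previously bound to a verified site identity, so a site the user never named gets nothing. The following is an added illustration, not code from this message or from the Waterken project: the site identity is a public-key fingerprint in the spirit of a YURL, the key bytes and the hostnames are constructed placeholders, and the Cyrillic-a substitution is assumed as an example of the homograph class.

```python
"""Petname toolbar versus address bar under a homograph lookalike hostname.

Added example. Keys, hostnames and the petname are constructed sample data.
"""
import hashlib
from typing import Dict, Optional

# ---- Constructed sample data (assumptions, not from the original message) ----
# Placeholder "public keys"; only their fingerprints matter here.
GENUINE_KEY = b"genuine-site-public-key-placeholder"
LOOKALIKE_KEY = b"phisher-public-key-placeholder"

GENUINE_HOST = "example.com"
# Renders with the same glyphs, but the second character is
# CYRILLIC SMALL LETTER A (U+0430), so it is a different name.
LOOKALIKE_HOST = "ex\u0430mple.com"


def fingerprint(public_key: bytes) -> str:
    """Identity the toolbar keys on: what the connection layer verified,
    not anything the page or the hostname says."""
    return hashlib.sha256(public_key).hexdigest()


class PetnameStore:
    """Names the user assigned, bound to the site identities they named."""

    def __init__(self) -> None:
        self._names: Dict[str, str] = {}

    def assign(self, site_id: str, petname: str) -> None:
        self._names[site_id] = petname

    def lookup(self, site_id: str) -> Optional[str]:
        # Nothing supplied by the remote site is stored or displayed; the
        # result is a name the user typed earlier, or nothing at all.
        return self._names.get(site_id)


def address_bar_text(hostname: str) -> str:
    """What a conventional address bar shows: the hostname the site chose."""
    return hostname


def petname_toolbar_text(store: PetnameStore, public_key: bytes) -> str:
    """What the petname toolbar shows for the connection's verified identity."""
    name = store.lookup(fingerprint(public_key))
    return name if name is not None else "(no petname: unknown site)"


def wire_name(hostname: str) -> bytes:
    """The name actually resolved (IDNA/punycode): the lookalike differs here,
    which is precisely what the on-screen Unicode form hides."""
    return hostname.encode("idna")


def scenario() -> dict:
    """User named the genuine site earlier; now both sites are visited."""
    store = PetnameStore()
    store.assign(fingerprint(GENUINE_KEY), "My Bank")
    return {
        "genuine_address_bar": address_bar_text(GENUINE_HOST),
        "genuine_toolbar": petname_toolbar_text(store, GENUINE_KEY),
        "lookalike_address_bar": address_bar_text(LOOKALIKE_HOST),
        "lookalike_toolbar": petname_toolbar_text(store, LOOKALIKE_KEY),
        "hosts_equal_as_strings": GENUINE_HOST == LOOKALIKE_HOST,
        "hosts_equal_on_wire": wire_name(GENUINE_HOST) == wire_name(LOOKALIKE_HOST),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key:24} {value!r}")
```

The two address-bar strings look the same on screen while the two toolbar strings do not, and the phisher has no input into the second pair. The caveat matches the "out of context" point in the message: the store only protects bindings the user made on the genuine site, so a user who assigns "My Bank" while on the lookalike has bound the name to the phisher's key, and the toolbar will faithfully display it there.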