Re: [cap-talk] Re: First point of consensus
Tyler Close
list at waterken.net
Wed Feb 9 17:54:01 EST 2005
On Feb 9, 2005, at 1:48 PM, Ian G wrote:
>
> Tyler Close wrote:
>>
>> I am claiming:
>> 1. The petname toolbar conveniently presents all the information
>> needed to avoid a phishing attack.
>> 2. An attacker cannot trick the petname toolbar into assisting the
>> deception.
>
>
> Sure he can. He sticks a virus into your
> computer, rewrites your pet name database,
> and then inserts the email into inbox. Now,
> you're probably going to say you assumed
> viruses away, but they are already out there,
> infecting users' DNS files.
Ian, did you read David Hopwood's email quoting Dijkstra's
"integralism"? If not, I think you should. The phenomenon is highly
applicable.
I think the petname toolbar is a solution to the phishing problem, not
to the virus problem.
> "To defend against phishing, we need only prevent
> subversion of existing trust relationships."
The above quote is taken from an email that was establishing a
definition for 'phishing'. The email was in response to Ben Laurie, who
noted a possible omission in the definition, but treated the statement
as a definition. This is a necessary part of problem solving. It is not
a claim or a sales pitch.
> It may be a great sales technique, but it really slows
> down the process of doing a security design, because
> everyone else has to a) mentally unravel what's
> wrong with it, and b) figure out whether there is
> anything left of value. It's very expensive in
> everybody else's time to deal with.
Your continuing hostility is duly noted.
Tyler
---
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/