[cap-talk] Re: First point of consensus

Tyler Close list at waterken.net
Wed Feb 9 23:25:52 EST 2005


David Hopwood and Alan Karp have made similar comments about the 
advantages of the petname toolbar over the address toolbar. Maybe this 
is the root of a consensus statement.

On Feb 9, 2005, at 3:55 PM, David Hopwood wrote:

> Tyler Close wrote:
>> Talking about the petname toolbar solely in terms of degree gives the
>> impression that a highly skilled phisher will defeat an educated and
>> alert petname toolbar user. I think we can reach consensus that this
>> impression is false. What do you think?
>
> How about this:
>
>   When users rely on domain names or the address toolbar, they
>   do not have sufficient information to avoid phishing attacks, no
>   matter how alert they may be. When users rely on pet names, they do
>   have the required information.

On Feb 9, 2005, at 10:45 AM, Karp, Alan H wrote:

> The problem with the location field in a browser is that it doesn't give
> adequate information to make an intelligent decision.  The Pet Name
> Toolbar does.  It gives me a chance to get it right.  That doesn't mean
> that I will always get it right, though.  I might be sleepy, drunk, or
> simply distracted.  However, unlike the situation today, I'll at least
> have been given the information I need.
>

How about:

"A petname toolbar provides a reliable indication of a trust 
relationship between a user and a website. This indication enables user 
detection of phishing attacks. A domain name display fails to 
communicate this information, leaving the user vulnerable to a phishing 
attack."

By using the phrase "enables detection", this statement covers only the 
function of the petname toolbar and leaves open the question of whether 
or not users will understand the petname toolbar, and benefit from the 
function. Hopefully Ping will be able to give us a stronger statement 
after some user testing.

Do I have any takers?

Tyler

PS

Thanks to everyone who has contributed to this thread. It's clear that 
a lot of time and effort has been expended.

---
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/


