[cap-talk] A petname toolbar for Firefox - more consensus discussion (end)

[Jed Donnelley]

At 02:52 PM 2/22/2005, Ka-Ping Yee wrote:
>On Mon, 21 Feb 2005, Tyler Close wrote:
> > Given this warning message phrasing, I also agree with Ping and Jed...
>
>You're right -- ... The user should be proactive, not reactive.

I agree.

> > I think it is important that there also be a way to turn off these
> > warnings, other than by assigning a petname to an untrusted site.
> > Interacting with an untrusted site will be a common task, so the
> > clutter would be annoying. There needs to be a way to cast off the
> > training wheels, without undermining the protection model.
>
>I think the distinction between naming and trusting is an important
>distinction being missed here.  What you refer to as "untrusted sites"
>are really un*named* sites.  Whether or not i have named a particular
>entity is orthogonal to whether i trust it to do a particular thing.

I also agree here.  I think this relates to what I was saying to Nick Szabo.

>(To be sure, when i name something, the name mapping itself should be
>trustworthy, but trust in the mapping is not the same issue as trust
>in the named entity.)

Exactly.

>When i name something, that does not imply
>that i trust it.  The name also can be useful to me as an indicator of
>untrustworthiness.

True.  However, I think it likely that if people use Petnames as
we are thinking about here then a primary value will be to safely
(from phishing) name a site with which there is some sort of
trust relationship.

>In my opinion, the petname system's job is to maintain reliable name
>mappings for me, not to make assumptions about trust.  In general,
>software can provide me information (whether that consists of gathering
>external information or augmenting the reliability and capacity of my
>own memory) to help me decide who to trust, but it can't decide *for*
>me who i trust.

We're on the same page.

>Therefore, yes, interacting with an untrusted site will be a common task,
>and that is something we cannot (and should not try to) change.  But
>interacting with an unnamed site does not have to be a common task; in
>fact, in order to establish the name mapping system as a reliable and
>natural part of normal workflow, we should strive to make that uncommon.

Hmmm.  One thing about that, I agree with others that we don't want
to make the Petname mechanism appear as a burden to be avoided.
I'm quite content to wade into any new world of better name binding
by starting to assign Petnames to sites that I've developed some
amount of trust for (bank, broker, human resources, paypal perhaps,
some shopping sites with a relationship) and use the Petnames
to help assure myself that I'm not being mislead by phishing, but
*not* to assign Petnames to the vast majority of sites that I interact
with.

As I mentioned in my other email, I think it would help to distinguish
between "unnamed" as you say and "untrusted" (an active designation)
sites in addition to sites with assigned Petnames.  I also think
help with name collisions would be useful - something along the
lines of what I think Bill Frantz mentioned at one point.

For me (blue sky) a simple thing would be to allow the 'Petnames'
"untrusted" and "unknown" to be overloaded and perhaps to make
them more visible (e.g. Bold or red or something like) with "unknown"
the default (no Petname in the database).

I understand that I'm fiddling with UI niceties here and that I'm convinced
of the base value of Petnames - though perhaps not as overarching a value
as some seem to think has been implied by the discussion and by the
proposed "First point of consensus".

I'm not sure this will help, but how about if I throw some more
words into the mix in an effort to push us more toward consensus:
_________________________________________________________
The Petname mechanism is a tool that allows users to associate a
name (the "Petname") with a safe binding to a known Web site.
Such a name binding can help users avoid "phishing" attacks.
If a user sees a bound Petname in the toolbar they can have confidence
the site they are communicating with is the same site that they gave
the Petname to.
__________________________________________________________

Perhaps overly wordy, but does the above capture the value of Petnames?