[cap-talk] Posters on Polaris and Petnames
Jed at Webstart
donnelley1 at webstart.com
Wed Jul 6 16:40:53 EDT 2005
At 11:55 PM 7/5/2005, Ka-Ping Yee wrote:
>I'm attending SOUPS (http://cups.cs.cmu.edu/soups/) this week,
>and will be presenting two posters. The posters can be seen at
>I hope they do justice to the good work by people on this list
>that they represent. I welcome your thoughts and comments.
Hi Ping. The focus on the two problems looks good to me. I'll
make a few comments.
1. On phishing, identification, and SSL: I believe SSL is a technology
that addresses itself to more than just identification. SSL also
serves to encrypt information that is transmitted across the Internet
to protect it from eavesdropping. I believe SSL has been quite
successful in this encryption and protection of information role.
To refer to "The Failure of SSL" without qualification seems a bit
overbroad to me. Perhaps something like "SSL does not identify
destinations"? or "SSL fails to safely identify Internet sites"?
I was amazed when I saw your chart indicating that US Bank, PayPal,
and eBay don't use SSL on their default login page. Why in the world
not I wonder? The only possibility that comes to mind is to save users
the cost of linking to an SSL protected page for the login. Wow.
Many of the personal IDs and passwords for US Bank and PayPal
and AOL customers fly across the Internet in clear text???
I have to admit that I'm a little confused by some of the "Classification
of Attacks" data. For example,
'41% of attacks are unaddressed by solutions that require the
target site to use SSL'
I believe the Waterken petname tool requires the target site to
use SSL - for a certificate to bind the petname to. Does that
mean that some portion of those 41% are unaddressed by
the Waterken petname toolbar mechanism? I don't think so,
but it seems to me the statement could be taken that way.
Perhaps what you were saying is that 41% of attacks would
not be prevented if the target site switched to using SSL?
Similarly with the statement that "96% of attacks are unaddressed
by solutions that use certificate data to judge sites". I believe
the Waterken petname toolbar uses certificate data to judge
sites. While it is the user who assigns the petname to a
site, as I recall the toolbar mechanism binds the petname to
the site by matching the certificate data.
I like the right side of the phishing chart. Of course I believe it is
subject to attack by those who believe in the value of CA identification
(not me) - e.g. by asking whether a prompt (e.g. popup) was
raised regarding the attacker at the top, and if not why not. Also by
asking how the green identification (which I can barely see in the
PNG image I have, but which I assume is more visible on the
poster) came to show up at the right and how THAT identity was
Still, the poster seems to me likely to raise appropriate
2. Viruses and authority. The focus generally seems reasonable
to me. Two minor thoughts:
When you say "Half an hour goes by as your computer
cleans itself of all known viruses" you might add (which
may have already done irreparable harm. How did the
virus come to be on the computer?).
On the right side of that chart the reference to "Polaris" seems
to come out of the blue. Of course I know what Polaris is in
this context, but it would seem to me wise to make clear that
the proposed solution - enforcing the Principle Of Least Authority
(aside: why not mention it by name and POLA to spread the
word?) is not specific to Polaris but can potentially be met with
other technologies and/or implementations. E.g.:
"Running programs under the Principle Of Least Authority,
e.g. Polaris, Plash, or other capability based mechanisms."
If you like the second line could be:
"e.g. Polaris for Windows, Plash for Unix, or other capability systems".
I really like the head in the sand picture. I think that says
it all with regard to this problem. I wish I had such a head in
the sand picture with the prostrate figure wearing one of those
silly robes that you get in hospitals that are open at the back.
That's how I feel every time I run a new program on a Windows
Just some thoughts/comments. You asked.