[cap-talk] Phishing with YURLs and Petnames
tyler.close at gmail.com
Tue Feb 14 19:07:14 EST 2006
On 2/14/06, Toby Murray <toby.murray at dsto.defence.gov.au> wrote:
> I tend to think that saying "Users should not trust an introduction over
> an insecure channel, full-stop" (yeah, I've paraphrased Sandro to use
> Aussie dialect) is too much to ask, but maybe I'm wrong.
But we're not asking even that much. The user can check the insecure
introduction against the secure one by clicking on the petname
bookmark. You are assuming that the user will trust the insecure
introduction in preference to the secure one, never even trying to
validate against the previous and frequently used secure channel. I
think that's a stretch. Again, maybe a good story and a naive user
could make it happen, but that will always be the case. The Petname
Tool at least gives the non-naive user a ready indication of the
attack, which is something lacking today.
Assuming either capabilities or a good password manager, even the
naive user can't be phished for authority by a good story.
The web-calculus is the union of REST and capability-based security:
Name your trusted sites to distinguish them from phishing sites.