[cap-talk] Webkeys vs. the web

[Raoul Duke]

> Users have gotten used to using URLs in a way that is incompatible with the security properties of webkeys.  For example, they are likely to share the URL for a webpage, e.g., Account Summary, without considering the security implications, e.g., whether or not there's a link on that page for Trade Shares.

since a web key could be used to do anything (i mean, it depends on
what app, but e.g. there could be a web key on earth that is "launch
the missiles!") then i guess i'd want to start with a system that
wasn't just through-obscurity but where things really were opaque.

apologies, i guess fundamentally i do not grok the basic idea / use
cases. it doesn't seem like there really is a way to have the cake and
eat it too, to me. the discussion around web keys has always befuddled
me because on the one hand these are *keys* and on the other hand
people can just copy and paste them?!?!

sincerely.