[cap-talk] Webkeys vs. the web
Kevin Reid
kpreid at mac.com
Wed Apr 1 17:16:47 EDT 2009
On Apr 1, 2009, at 16:57, ihab.awad at gmail.com wrote:
> On Wed, Apr 1, 2009 at 1:48 PM, Karp, Alan H <alan.karp at hp.com> wrote:
>> Users have gotten used to using URLs in a way that is incompatible
>> with the security properties of webkeys. For example, they are
>> likely to share the URL for a webpage, e.g., Account Summary,
>> without considering the security implications, e.g., whether or not
>> there's a link on that page for Trade Shares.
>
> It's worse than that. To the extent that they understand the model,
> they have come to expect that they can share *their* Account Summary
> URL with me, and that I will see *my* account information displayed
> (assuming, say, we share the same bank).
Evidence?
--
Kevin Reid <http://homepage.mac.com/kpreid/>
More information about the cap-talk
mailing list