[cap-talk] Webkeys vs. the web
Karp, Alan H
alan.karp at hp.com
Thu Apr 2 11:44:52 EDT 2009
David-Sarah Hopwood wrote:
>
> I disagree, because sharing webkeys is an intended feature. As others have
> pointed out, the scenario above does not describe a valid attack -- the news
> item page will not have a direct webkey link to your account page (it might
> have a link that requires reauthentication, but that is not a problem).
I agree that the ability to share webkeys is a useful feature, but I contend that it's too dangerous because of the way people share URLs. I agree that requiring authentication addresses the problem, but one of the goals of webkeys is avoid authentication. Besides, if my intention is to share some authority with you, do I need to tell you my password?
>
> Do you have any other proposed attacks that would motivate treating webkeys
> differently from (other) URLs?
>
I don't consider these examples to be attacks. They are user errors that arise from the inability to distinguish authority bearing webkeys from non-authority bearing URLs. I contend that we need to design our user interface so that users are less likely to make this kind of mistake.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list