[cap-talk] Webkeys vs. the web
Karp, Alan H
alan.karp at hp.com
Thu Apr 2 11:44:52 EDT 2009
David-Sarah Hopwood wrote:
> I disagree, because sharing webkeys is an intended feature. As others have
> pointed out, the scenario above does not describe a valid attack -- the news
> item page will not have a direct webkey link to your account page (it might
> have a link that requires reauthentication, but that is not a problem).
I agree that the ability to share webkeys is a useful feature, but I contend that it's too dangerous because of the way people share URLs. I agree that requiring authentication addresses the problem, but one of the goals of webkeys is avoid authentication. Besides, if my intention is to share some authority with you, do I need to tell you my password?
> Do you have any other proposed attacks that would motivate treating webkeys
> differently from (other) URLs?
I don't consider these examples to be attacks. They are user errors that arise from the inability to distinguish authority bearing webkeys from non-authority bearing URLs. I contend that we need to design our user interface so that users are less likely to make this kind of mistake.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk