[cap-talk] Webkeys vs. the web

[Raoul Duke]

> I don't consider these examples to be attacks.  They are user errors that arise from the inability to distinguish authority bearing webkeys from non-authority bearing URLs.  I contend that we need to design our user interface so that users are less likely to make this kind of mistake.

ok, i think that helps me understand a bit better, thanks! -- the
distinction between calling it an attack vs. just an unfortunate event
is what i didn't get. the thing is, i don't understand how you can
hold that opinion, given the examples you've used! :-) if it is just
"less likely" that i'll accidentally send you direct access to my
Schwab account, or to the write cap of my blog, rather than it being
"simply not doable", that makes me wonder just how much "less" it
really is. if not much then that doesn't seem like a good goal.

i suspect people have sketches of end-to-end apps in their heads which
are what they base statements on, and i just don't have that in my
head -- at least, not a sketch that yet makes safe sense to me. e.g. i
think it was Ihab who mentioned using HTTPS to avoid eaves dropping,
which then in theory lets us say that as long as the browser
environment can't nefariously pass webkeys along to some attacker,
then as long as the browser doesn't expose webkeys then everything is
sewn up tight enough? but then can you bookmark things, how does
history work, etc.

(if i were more of an actually useful contributor rather than just
constantly slow and befuddled, i'd ask the favor of working out some
use cases and end-to-end flow charts of proposed systems visually on a
whiteboard, to help everybody get the gestalt, and to help show
different thoughts side by side. :-)

sincerely.