Recently, the Shmoo Group discovered that Firefox is vulnerable to precisely the exploit that i predicted in my 2002 paper—Ping

➡

Huh? How is it that Pet Names don’t solve this problem?—Mark

➡

Firstly, as above, the browser needs to index from the cert, and currently does not.—Ian

➡

I have no problem with Pet Logos, so long as they follow the Pet Name logic.—Mark

➡

Yes, if the user ignores words. Or, are you saying that using logos is a subset of petnames, in your lexicon? —Ian

If the user ignores words, then they can’t be misled by them. What threat model are we addressing? —Mark

<thinks> that a URL is introduced into the browser that shows a facsimile or mockup of a trusted site.

The thing is that words are "low bit rate" whereas logos can be "rich" which provides a more efficient processing scenario for the brain. A picture is worth a thousand words, and all that. As the notion of who the site is has more to do with the eventual presentation, and some cunning trick pulled by the phisher, a concentration on names and conflation is probably only a subset of the security space.—Ian

A logo is only a Pet Logo if the choice of which logo to display follows Pet Name logic. In that case, fine. I’ve only skimmed <cs.biu.ac.il> , but, as far as I could tell, they don’t use Pet Name logic to determine what logo to display. If indeed they don’t, then these wouldn’t be Pet Logos, and I fail to see how this system would then solve the problem.—Mark

Is there anything anywhere that expands the pet names concept to logos? Or is this something that evolved without anyone really thinking about it?

Also, where is the "Pet Name logic" ? I’ve seen some views of this in PNML document, but the logic seems more assumed than written.

"pet names are understood to be specific (and private!) to the relationship between two people."

<erights.org>

Random question:

Under what conditions does an agent release a petname? Under what conditions does an agent translate a petname? How does an agent deal with an incoming petname?—Ian

I’ve put a lot of time into understanding and integrating the ideas in that paper. I agree that it might not be expressed very well, that’s the problem with an overly rich subject space, I suspect. I had to spend a lot of time talking to Amir before I could wrap my head around what he was trying to do. To be fair, he had to do the same to understand my perspective.

My understanding is that it does use a logic akin to the logic behind pet names. But, until now, it never occurred to me that this logic might be generalised in such a fashion. And even now, I’m not sure. I’d really need to compare the two in depth to see, and both are incompletely documented and there are only so many hours in a day.

As an aside, not necessarily disconnected, I spent a few moments reviewing Zooko’s triangle last night, and tied in the Ricardian Contract as a Type 4 in his numbering. Now, the crossover is that Zooko’s triangle is I’d assert more foundational than the pet names structure, as it is the foundation on which pet names sits. Or, to put it another way, pet names may be one bug fix to the law of ZT. Or, a third way is that this is the engineer’s viewpoint, and this is an engineering problem as much as it is a theoretical security problem.—Ian