Recently, the Shmoo Group discovered that Firefox is vulnerable to precisely the exploit that i predicted in my 2002 paper—Ping

➡

Huh? How is it that Pet Names don’t solve this problem?—Mark

➡

Firstly, as above, the browser needs to index from the cert, and currently does not.—Ian

➡

I have no problem with Pet Logos, so long as they follow the Pet Name logic.—Mark

➡

Yes, if the user ignores words. Or, are you saying that using logos is a subset of petnames, in your lexicon?—Ian

➡

If the user ignores words, then they can’t be misled by them. What threat model are we addressing? —Mark

<thinks> that a URL is introduced into the browser that shows a facsimile or mockup of a trusted site.

The thing is that words are "low bit rate" whereas logos can be "rich" which provides a more efficient processing scenario for the brain. A picture is worth a thousand words, and all that. As the notion of who the site is has more to do with the eventual presentation, and some cunning trick pulled by the phisher, a concentration on names and conflation is probably only a subset of the security space.—Ian