Recently, the Shmoo Group discovered that Firefox is vulnerable to precisely the exploit that I predicted in my 2002 paper—Ping

If I’m understanding the discussion so far, I think the answer is that the issue of trust is separate from the issue of identity. When the Petname is set up, the name "Paypal" is bound to an identity. Any trust is independent of that identity. In an effort to pretend to be Paypal, "someone" would have to establish another identity. Of course the identity Paypal is already taken. Whatever identity the user set up for this someone, it would be different from "Paypal". This seems to make "trying to pretend" inherently difficult. What would induce a user to use a Petname like Paypa1 that could be easily confused with Paypal?

How much the user chooses to trust either the Paypal identity/Petname or this other non-Paypal identity/Petname is of course up to the user with input from others such as friends, authorities, etc.

I hope I’m close to the base issue.—Jed

What do you mean "of course"? By what mechanism did the user identify the "real" Paypal? How do you know they’ve ever even come across Paypal before?—Ben

That wouldn’t induce me (at least) to use a name like Paypa1 (note the digit one = 1 vs. the letter "l"). Doing so could only result in confusion. It might induce me to establish a trust relationship with whatever identity I choose to give the site (e.g. NewPaypal or perhaps it’s the first "Paypal" that I’ve assigned an identity for and I choose "Paypal" as the Petname for this site). However, assigning any trust to such a site based on its saying "this is the Paypal website" would be foolish.—Jed

Indeed, but I am no closer to understanding how the user ever gets to a state where they can do anything useful. Try this for a thought experiment. I have a brand new laptop. I have no petnames for anything, obviously. What do I do now? Describe the process by which I end up with a petname for Paypal that actually links to the real Paypal.—Ben

I gave some examples in my next message on this topic. Perhaps you could address them. For example, I gave the example where someone I trust could say, "If you visit the site, view its SSL certificate and find that its MD5 Fingerprint is A9:04:4D:...:E2:31:9A then I can trust that it’s "Paypal" the organization that you can place some trust in."

Does that answer your question? If you are asking the deeper question of how one bootstraps trust relationships to begin with (e.g. consider communicating with extraterrestrials with whom we can have no physical contact) then we could go there, but I think we are getting pretty far afield from "Firefox breaks the principle of identifiability"—which I do believe Petnames solves.—Jed

Please let me know if the mechanism above suffices. E.g. suppose the ‘someone I trust’ is my bank through personal physical exchange.—Jed
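The bootstrap described in the thread (a trusted introducer supplies a certificate fingerprint out of band, the user checks the site's certificate against it and only then binds a petname), as an added example that is not part of the original discussion. The `PetnameStore` class, the certificate byte strings and the use of SHA-256 in place of the MD5 fingerprint mentioned above are assumptions made for the illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

class PetnameStore:
    """Hypothetical store: the key (identity) maps to a user-chosen petname."""

    def __init__(self):
        self._by_fp = {}  # fingerprint -> petname

    def bind(self, petname: str, cert_der: bytes, introduced_fp: str) -> None:
        fp = fingerprint(cert_der)
        # Bind only if the presented certificate matches the fingerprint
        # received out of band from the trusted introducer.
        if fp != introduced_fp.upper():
            raise ValueError("certificate does not match introduced fingerprint")
        # A petname names exactly one identity; a second site cannot take it.
        for known_fp, known_name in self._by_fp.items():
            if known_name == petname and known_fp != fp:
                raise ValueError("petname already bound to another identity")
        self._by_fp[fp] = petname

    def lookup(self, cert_der: bytes):
        """What the browser would display: the petname, or None if unknown.
        The name the site claims for itself is never consulted."""
        return self._by_fp.get(fingerprint(cert_der))

# Constructed stand-ins for DER certificate bytes (not real certificates).
REAL_CERT = b"constructed-cert-bytes-real-site"
LOOKALIKE_CERT = b"constructed-cert-bytes-lookalike-site"

def demo():
    store = PetnameStore()
    # The introducer (e.g. the bank, in person) hands over this fingerprint.
    introduced = fingerprint(REAL_CERT)
    store.bind("Paypal", REAL_CERT, introduced)
    try:
        store.bind("Paypal", LOOKALIKE_CERT, fingerprint(LOOKALIKE_CERT))
        reused = True
    except ValueError:
        reused = False
    return store.lookup(REAL_CERT), store.lookup(LOOKALIKE_CERT), reused

if __name__ == "__main__":
    print(demo())
```

A site presenting a different key gets no petname at all, whatever name it displays.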