Recently, the Shmoo Group discovered that Firefox is vulnerable to precisely the exploit that i predicted in my 2002 paper—Ping

➡

The central point of my essay on the petname toolbar is that phishing is the result of name conflation.—Tyler

➡

So how, in this system, does the user come to trust Paypal (as opposed to someone pretending to be Paypal)?—Ben

➡

If I’m understanding the discussion so far, I think the answer is that the issue of trust is separate from the issue of identity.—Jed

➡

Indeed, but I am no closer to understanding how the user ever gets to a state where they can do anything useful. Try this for a thought experiment. I have a brand new laptop. I have no petnames for anything, obviously. What do I do now? Describe the process by which I end up with a petname for Paypal that actually links to the real Paypal.—Ben

I gave some examples in my next message on this topic. Perhaps you could address them. For example, I gave the example where someone I trust could say, "If you visit the site, view it’s SSL certificate and find that it’s MD5 Fingerprint is A9:04:4D:...:E2:31:9A then I can trust that it’s "Paypal" the organization that you can place some trust in."

Does that answer your question? If you are asking the deeper question of how one bootstraps trust relationships to begin with (e.g. consider communicating with extraterrestrials with whom we can have no physical contact) then we could go there, but I think we are getting pretty far afield from "Firefox breaks the principle of identifiability"—which I do believe Petnames solves.—Jed

I agree it solves the problem of confusable URLs. I can’t get very excited about that without a solution to the problem of how I realistically get hold of things to associate petnames with. Currently, if I want to go to Paypal’s site, I type it in—petnames don’t help me.—Ben

Yuck! I’m a security geek, and even I couldn’t stand to use this kind of mechanism on a regular basis. Do we really expect others to be willing to put up with this? That’s straining credulity.

Let me step back a minute. I think there are two worldviews here.

The crypto-purist’s view: Public keys are the only names you can trust. The only way you can be introduced to Coca Cola is to have someone you trust absolutely give you Coca Cola’s public key. When you want to communicate with Coca Cola, you should always specify who you want to communicate with by telling the computer Coca Cola’s public key. As an optimization, you can tell the computer Coca Cola’s public key once, and establish a pet name, but that’s just an optimization. As another optimization, we can let the SHA1 fingerprint stand in as a substitute for Coca Cola’s public key, but that’s just another optimization. If you want to be introduced to Coca Cola through a non-electronic channel, the introducer has to tell you Coca Cola’s public key (or its fingerprint) and you have to type it into your computer. Names (i.e., public keys) should only be communicated over the computer. IP addresses and domain names are useful only for routing.

The realist’s view: In the real world, sometimes we learn names over non-digital channels. For instance, the name "Coca Cola" has a nearly universal binding. Having your computer insist that the name "Coca Cola" means nothing isn’t helpful. What is the owner of the Coca Cola brand supposed to do? Print their public key at the bottom of every TV ad they ever make, and hope that everyone who sees the ad will meticulously type in a 40-hex digit string? Hopeless. And the idea that people will tell their friends "I drink ee65f5a583fb7b26c753faf610586372409f2ec1" instead of "I drink Coke" seems something far short of plausible.

I have trouble believing that something as extreme as the crypto-purist’s worldview is ever going to be workable in the real world—at least, not as the complete answer. As much as the security geek in me cringes at the thought of advocating a global root of trust like Verisign, I think there is an argument that something short of the crypto-purist’s stance might be required, at least in many cases.—David

Please let me know if the mechanism above suffices. E.g. suppose the ’someone I trust’ is my bank through personal physical exchange.—Jed

This would work. I don’t believe it is practical. —Ben