Recently, the Shmoo Group discovered that Firefox is vulnerable to precisely the exploit that I predicted in my 2002 paper
—Ping
➡
The central point of my essay on the petname toolbar is that phishing is the result of name conflation.
—Tyler
➡
So how, in this system, does the user come to trust Paypal (as opposed to someone pretending to be Paypal)?
—Ben
➡
If I’m understanding the discussion so far, I think the answer is that the issue of trust is separate from the issue of identity.
—Jed
➡
Indeed, but I am no closer to understanding how the user ever gets to a state where they can do anything useful.
—Ben
➡
I gave some examples in my next message on this topic. Perhaps you could address them.
—Jed
➡
I agree it solves the problem of confusable URLs.
—Ben
➡
What don’t you believe is practical?
—Jed
➡
Let’s say I start with actually visiting my bank, and getting the fingerprint of their cert. I then tediously type that into my machine.
—Ben
➡
Forget the tedious typing. You give them your smart card (or something like) and they add a Petname binding to it.
—Jed
➡
I’m sorry to be such a curmudgeon here, but-- this doesn’t sound like a solution I can get terribly excited about.
—David
➡
To communicate about third parties, we need to first securely agree on a common semantics. The problem of secure general agreement is a property rights problem, and in particular a property titles problem. It’s like agreeing on who owns the land, and what are its boundaries. I’ve tackled this problem in depth at
<szabo.best.vwh.net>
More information on the distributed database system that the secure title system is based on can be found at
<szabo.best.vwh.net>
—szabo
➡
Nick, I guess the first link is this one?
<szabo.best.vwh.net>
—Ian