Let me see if I can address the issue that I think is being raised that I
believe to be independent of the original issue of "Firefox breaks the
principle of identifiability".

I believe, as it seems Mark Miller does, that the Petname mechanism solves
the identifiability confusion issue. However, what others seem to be
raising is the problem that still exists of establishing a trust
relationship with an identity. Naturally, if someone I trust tells me, "Oh
yeah, you can trust ‘Paypal’" and uses my "Paypal" Petname, I should
understand that such a recommendation is nonsense. The choice of the
Petname was mine, was essentially arbitrary, and can have no meaningful
relationship with the name "Paypal" that my trusted source refers to—
except in so far as I establish such a relationship.

So then what can someone I trust tell me that might induce me to trust this
identity I’ve established? They might tell me something about what the
site can communicate. For example, they might tell me that if I visit the
site and view the SSL certificate presented and I find that its MD5
Fingerprint is A9:04:4D:...:E2:31:9A then I can trust that it’s "Paypal"
the organization that I can place some trust in. They might tell me that
if I communicate with the IP address 216.113.188.32 then I can trust that
it’s "Paypal" the organization that I can place some trust in, though we
all know about the problems with IP spoofing. Ditto DNS and DNS
spoofing. They might also tell me that if I view their certificate and I
see Organization (O) Paypal, Inc., Serial Number 16:CD:58:...:4D:3D:4f
Issued by Organization (O) VeriSign Trust Network then it’s "Paypal" the
organization that I can place some trust in, though if they did so I would
stop trusting them :-)

I believe, however, that this issue of establishing a trust relationship
with an identity is independent of the original "Firefox breaks the
principle of identifiability" issue that I believe is solved with the
Petname mechanism.

—Jed
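
The separation described in the message above, as an added example that is not part of the original post: petnames and introductions are both keyed by certificate fingerprint, so an introducer can only vouch for a fingerprint and never for a name. Assumptions: the `PetnameStore` class and its method names are hypothetical, the certificates are constructed byte strings standing in for DER data, and SHA-256 is used for the fingerprint in place of the MD5 fingerprint the message mentions.

```python
import hashlib


def fingerprint(cert_der: bytes) -> str:
    """Colon-separated SHA-256 digest of the certificate bytes (assumed hash choice)."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PetnameStore:
    """Hypothetical store: every lookup is by fingerprint, never by claimed name."""

    def __init__(self):
        self.petnames = {}  # fingerprint -> name the user chose privately
        self.vouched = {}   # fingerprint -> petname of the introducer who vouched

    def assign(self, cert_der: bytes, petname: str) -> None:
        # The user binds an arbitrary private name to the key material they saw.
        self.petnames[fingerprint(cert_der)] = petname

    def accept_vouch(self, introducer: str, fp: str) -> None:
        # An introduction carries a fingerprint; a spoken name carries no weight.
        self.vouched[fp] = introducer

    def identify(self, cert_der: bytes):
        fp = fingerprint(cert_der)
        if fp in self.petnames:
            return ("petname", self.petnames[fp])
        if fp in self.vouched:
            return ("vouched-by", self.vouched[fp])
        return ("stranger", None)


# Constructed stand-ins for DER certificates: same organization string, different keys.
GENUINE_CERT = b"constructed-cert: O=Paypal, Inc.; key=AAAA"
LOOKALIKE_CERT = b"constructed-cert: O=Paypal, Inc.; key=BBBB"


def demo():
    store = PetnameStore()
    store.accept_vouch("Alice", fingerprint(GENUINE_CERT))
    before = store.identify(GENUINE_CERT)       # vouched, but not yet named by the user
    store.assign(GENUINE_CERT, "my payment site")
    after = store.identify(GENUINE_CERT)        # now shown under the user's own petname
    lookalike = store.identify(LOOKALIKE_CERT)  # same O= string, different fingerprint
    return before, after, lookalike


if __name__ == "__main__":
    print(demo())
```
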