Recently, the Shmoo Group discovered that Firefox is vulnerable to precisely the exploit that I predicted in my 2002 paper—Ping

What don’t you believe is practical? The communication of the trust relationship from one entity to another (e.g. from your existing bank to Paypal) or the binding of the communicated trust to a Petname? Or something else?

It seems to me that if I have an existing trust relationship and via known secure communication with that trusted entity I receive a message like: __________
You can trust the entity at www.paypal.com with the certificate with MD5 Fingerprint:

A9:04:4D:C2:74:5E:05:D9:28:44:E0:8C:53:E2:31:9A

to be the "Paypal" service as I describe in this document. You may assign it the Petname "Paypal" and trust it as described herein. __________

The one thing I think might be missing is the binding of the Petname to the fingerprint. Binding it to an IP address or DNS name has known problems. If there was a binding to a fingerprint as above (I don’t know, there may be), would that suffice? Would you consider that "practical"? If not, why not?—Jed

Let’s say I start with actually visiting my bank, and getting the fingerprint of their cert. I then tediously type that into my machine. Now I can go to the bank’s website, and find their trustable link to PayPal. So, I go to PayPal and transfer some money from my bank into my PayPal account. I want to buy something with that money, so I follow PayPal’s trustable link to eBay. On eBay, I find Joe Sixpack selling the something, so I follow eBay’s trustable link to Joe Sixpack. Joe Sixpack has a friend, Evil Bastard, and a trustable link to him on his website. Now I have a trustable link to Evil Bastard (who Joe Sixpack described as escrow.com). I give my money to Evil Bastard, who promptly disappears, as does Joe Sixpack.

How did this chain of trust help me?—Ben

Forget the tedious typing. You give them your smart card (or something like) and they add a Petname binding to it. You bring it home and plug it into your system with your browser running and the binding is uploaded. Or if you have secure access to their Web site you can pull down the binding from there.—Jed
I see, you got the binding to your bank and not to Paypal directly, but that’s fine. So far so good. Nothing tedious or insecure so far from my perspective. So far you’ve trusted your bank, but of course you’re trusting them to some extent with your money in any case.—Jed

I don’t buy that last statement. If I let my bank create arbitrary Petname bindings for me, they can spoof not only themselves, but they can spoof other entity’s sites. I trust my bank with my money (under certain conditions), but I don’t have absolute trust in them. You seem to be saying that your smartcard protocol requires no additional trust in the bank (over the trust that was already necessary in the absence of the smartcard), but I don’t think that is accurate. I think the smartcard makes me vulnerable to the bank in new ways that wouldn’t be a risk if I didn’t use the smartcard protocol.—David
At that point I hope your bank gave you some pretty strong assurances about PayPal. I’m not sure why they wouldn’t just let you access your money directly from them, but I’ll follow along. So far so good.—Jed

It helped you in that you had some confidence that your money would still be available after you transferred it into PayPal. If it somehow disappeared from Paypal other than by your request then you could hold your bank responsible—perhaps taking them to court (depending on the assurances they gave you).

I don’t know what the addition of the Joe Sixpack -> Evil Bastard link adds to the mix, or eBay for that matter. As soon as you start dealing with the untrusted Joe Sixpack, you have no assurance whatsoever. If you want some assurance in dealing with an unknown entity like that then you need to use an escrow mechanism. Your bank could set one up for you. You know them, you trust them ;-) Of course they will charge you something for the escrow account. I haven’t yet done a transaction over eBay, but I have done Internet transactions that required an escrow account (e.g. selling a DNS name). Seems to me to work fine.

Where do we stand at this point? You still seem to see problems (tedious typing and the inability to communicate trust) that I believe have technical solutions. I accept that solving those problems doesn’t solve all the world’s problems (e.g. dealing with unknown and untrusted entities like Joe Sixpack), but I believe such solutions do provide a basis for helping with a variety of transactions that are otherwise more difficult. In any case I believe we’re way past the issue of Firefox breaking the principle of identifiability. Perhaps you’ll have a better time in the thread with Tyler Close. I’m interested to hear him "...get to it...".—Jed

Then I’ve overinterpreted the meaning of "trust" in "trustable link". A trustable link is only saying "this link refers to the party I call X". It’s up to me to decide how much I trust X based on information from the introducer and how much I trust the introducer. In the case of my bank introducing me to PayPal, I’m likely to assign a reasonable degree of trust. First of all, PayPal is widely known not to cheat people. Second, my bank stands to lose my business if it introduces me to a phony PayPal. I’d probably make similar assumptions about PayPal’s introducing me to eBay, although perhaps with less assurance, since my business relationship with PayPal isn’t as strong as with my bank. I can trust eBay’s introduction of Joe Sixpack only to the extent that eBay is willing to stand behind it. In this case, that’s the limit of the insurance eBay provides. I have no basis to rely on any introductions provided by Joe Sixpack. Doing so is just foolish.—Karp
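The mechanism the thread is circling, a Petname bound to a certificate fingerprint rather than to a DNS name (Jed's binding message), with each binding remembering who introduced it so that a "trustable link" means only "the party I call X, as introduced by Y" (Karp's reading), can be made concrete in a few dozen lines. The following is an added example written for this page; it is not code from the thread, from Firefox, or from any petname tool. The certificate bytes, the host names, the `PetnameStore` class and its method names are all constructed for illustration; MD5 is used only because that is the fingerprint format the quoted message uses, and the store itself does not care which digest produced the fingerprint.

```python
"""Petname store keyed on certificate fingerprints (added example; not from the thread)."""
import hashlib
import re

# Constructed stand-ins for DER-encoded certificates. Real code would hash the
# DER bytes of the server certificate received in the TLS handshake.
CERT_PAYPAL = b"constructed DER bytes: CN=www.paypal.com, issued to the real PayPal"
CERT_LOOKALIKE = b"constructed DER bytes: CN=www.paypal.com, issued to a lookalike"

# 16 colon-separated uppercase hex bytes, the shape of the fingerprint in the message.
FP_RE = re.compile(r"[0-9A-F]{2}(?::[0-9A-F]{2}){15}")


def fingerprint(cert_der: bytes) -> str:
    """MD5 fingerprint in the colon-separated form the binding message quotes."""
    digest = hashlib.md5(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_binding_message(text: str) -> tuple:
    """Pull (host, fingerprint, petname) out of a message shaped like Jed's."""
    host = re.search(r"entity at (\S+) with", text)
    fp = re.search(r"Fingerprint:\s*(" + FP_RE.pattern + ")", text)
    name = re.search(r'Petname "([^"]+)"', text)
    if not (host and fp and name):
        raise ValueError("binding message is missing host, fingerprint or petname")
    return host.group(1), fp.group(1), name.group(1)


class PetnameStore:
    """Maps certificate fingerprints to user-chosen petnames.

    The binding is to the key (via its fingerprint), never to the DNS name, so a
    different certificate for the same hostname gets no petname at all. Each
    binding also records who introduced it, so the chrome can show "who said so"
    instead of implying that trust flows transitively along the chain."""

    def __init__(self):
        self._by_fp = {}    # fingerprint -> (petname, introducer)
        self._by_name = {}  # petname -> fingerprint

    def add_binding(self, petname: str, fp: str, introducer: str) -> None:
        if not FP_RE.fullmatch(fp):
            raise ValueError(f"malformed fingerprint: {fp!r}")
        bound = self._by_name.get(petname)
        if bound is not None and bound != fp:
            # An introducer may not silently re-point an existing petname at a
            # new key; that is the spoofing David worries about. The user, not
            # the introducer, has to resolve the conflict.
            raise ValueError(f"petname {petname!r} is already bound to a different key")
        self._by_fp[fp] = (petname, introducer)
        self._by_name[petname] = fp

    def import_message(self, text: str, introducer: str) -> str:
        """Accept a binding message received over a channel the user already trusts."""
        _host, fp, petname = parse_binding_message(text)
        self.add_binding(petname, fp, introducer)
        return petname

    def label_for(self, cert_der: bytes):
        """Label to show for a connection presenting cert_der, or None when the
        key is unknown (no familiar name appears, whatever the URL bar says)."""
        entry = self._by_fp.get(fingerprint(cert_der))
        if entry is None:
            return None
        petname, introducer = entry
        return f"{petname} (introduced by {introducer})"


def demo() -> dict:
    """Walk the thread's scenario: the bank introduces PayPal, PayPal's key is
    recognised, a different key for the same hostname is not, and a later attempt
    to re-bind the petname to another key is refused."""
    store = PetnameStore()
    # Constructed message in the shape quoted in the thread.
    message = (
        "You can trust the entity at www.paypal.com with the certificate with "
        f"MD5 Fingerprint:\n\n{fingerprint(CERT_PAYPAL)}\n\n"
        'to be the "Paypal" service. You may assign it the Petname "Paypal".'
    )
    store.import_message(message, introducer="my bank")
    result = {
        "real": store.label_for(CERT_PAYPAL),
        "lookalike": store.label_for(CERT_LOOKALIKE),
    }
    try:
        store.add_binding("Paypal", fingerprint(CERT_LOOKALIKE), introducer="Joe Sixpack")
        result["rebind_refused"] = False
    except ValueError:
        result["rebind_refused"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is the one David raises: a store that lets any introducer overwrite a petname would let the bank (or anyone it introduces) impersonate a site the user already knows. Refusing to re-bind an existing petname to a new key keeps the first binding the user accepted, and surfacing the introducer in the label keeps the trust decision where Karp puts it, with the user rather than with the chain of links.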