Recently, the Shmoo Group discovered that Firefox is vulnerable to precisely the exploit that I predicted in my 2002 paper—Ping

Let’s say I start with actually visiting my bank, and getting the fingerprint of their cert. I then tediously type that into my machine. Now I can go to the bank’s website, and find their trustable link to PayPal. So, I go to PayPal and transfer some money from my bank into my PayPal account. I want to buy something with that money, so I follow PayPal’s trustable link to eBay. On eBay, I find Joe Sixpack selling the something, so I follow eBay’s trustable link to Joe Sixpack. Joe Sixpack has a friend, Evil Bastard, and a trustable link to him on his website. Now I have a trustable link to Evil Bastard (who Joe Sixpack described as escrow.com). I give my money to Evil Bastard, who promptly disappears, as does Joe Sixpack.

How did this chain of trust help me?—Ben

Forget the tedious typing. You give them your smart card (or something like) and they add a Petname binding to it. You bring it home and plug it into your system with your browser running and the binding is uploaded. Or if you have secure access to their Web site you can pull down the binding from there.—Jed

I see, you got the binding to your bank and not to PayPal directly, but that’s fine. So far so good. Nothing tedious or insecure so far from my perspective. So far you’ve trusted your bank, but of course you’re trusting them to some extent with your money in any case.—Jed

I don’t buy that last statement. If I let my bank create arbitrary Petname bindings for me, they can spoof not only themselves, but they can spoof other entity’s sites. I trust my bank with my money (under certain conditions), but I don’t have absolute trust in them. You seem to be saying that your smartcard protocol requires no additional trust in the bank (over the trust that was already necessary in the absence of the smartcard), but I don’t think that is accurate. I think the smartcard makes me vulnerable to the bank in new ways that wouldn’t be a risk if I didn’t use the smartcard protocol.—David

You seem to be assuming more trust than I intended—as noted above. Does the above refinement that notes user control over the Petnames mollify you?—Jed

To me it seems you’re focusing on the wrong aspect of the communication and embellishing the mechanism—e.g. giving more control to the bank. I don’t believe this is a fundamentally difficult problem. Perhaps if you do you can suggest where you believe the problem lies and we can focus on that area rather than continuing to add problems to implementations that I suggest. Better yet, just consider Tyler Close’s suggested implementation and suggest problem areas there—as his mechanisms are documented on the Web.—Jed

Thanks for your patience in clarifying these issues Tyler. Email is a pretty rotten means for communication of this type except that it has the practicality advantage of being able to get us all "together", virtually anyway.—Jed

At that point I hope your bank gave you some pretty strong assurances about PayPal. I’m not sure why they wouldn’t just let you access your money directly from them, but I’ll follow along. So far so good.—Jed

It helped you in that you had some confidence that your money would still be available after you transferred it into PayPal. If it somehow disappeared from PayPal other than by your request then you could hold your bank responsible—perhaps taking them to court (depending on the assurances they gave you).

I don’t know what the addition of the Joe Sixpack -> Evil Bastard link adds to the mix, or eBay for that matter. As soon as you start dealing with the untrusted Joe Sixpack, you have no assurance whatsoever. If you want some assurance in dealing with an unknown entity like that then you need to use an escrow mechanism. Your bank could set one up for you. You know them, you trust them ;-) Of course they will charge you something for the escrow account. I haven’t yet done a transaction over eBay, but I have done Internet transactions that required an escrow account (e.g. selling a DNS name). Seems to me to work fine.

Where do we stand at this point? You still seem to see problems (tedious typing and the inability to communicate trust) that I believe have technical solutions. I accept that solving those problems doesn’t solve all the world’s problems (e.g. dealing with unknown and untrusted entities like Joe Sixpack), but I believe such solutions do provide a basis for helping with a variety of transactions that are otherwise more difficult. In any case I believe we’re way past the issue of Firefox breaking the principle of identifiability. Perhaps you’ll have a better time in the thread with Tyler Close. I’m interested to hear him "...get to it...".—Jed

Then I’ve overinterpreted the meaning of "trust" in "trustable link". A trustable link is only saying "this link refers to the party I call X". It’s up to me to decide how much I trust X based on information from the introducer and how much I trust the introducer. In the case of my bank introducing me to PayPal, I’m likely to assign a reasonable degree of trust. First of all, PayPal is widely known not to cheat people. Second, my bank stands to lose my business if it introduces me to a phony PayPal. I’d probably make a similar assumption about PayPal’s introducing me to eBay, although perhaps with less assurance, since my business relationship with PayPal isn’t as strong as with my bank. I can trust eBay’s introduction of Joe Sixpack only to the extent that eBay is willing to stand behind it. In this case, that’s the limit of the insurance eBay provides. I have no basis to rely on any introductions provided by Joe Sixpack. Doing so is just foolish.—Karp
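An added sketch (not code from any participant in this thread, nor from any petname tool) of the store Jed's smart-card upload, David's spoofing concern and Karp's "this link refers to the party I call X" reading are all talking about: bindings are keyed by a name the user picks, a binding imported from an introducer stays provisional until the user confirms it, an introducer can neither vouch without being confirmed itself nor overwrite an existing name, and the chain of introducers behind a binding is kept so the user can see whose word they are relying on. Certificate bytes, names and the `PetnameStore` API are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def fingerprint(cert_der: bytes) -> str:
    # SHA-256 over the certificate bytes; constructed byte strings stand in for real DER here.
    return hashlib.sha256(cert_der).hexdigest()

@dataclass
class Binding:
    petname: str               # chosen by the user, never by the introducer
    fingerprint: str
    introducer: Optional[str]  # petname of whoever supplied it; None = entered by hand
    confirmed: bool            # imported bindings stay provisional until the user confirms

class PetnameStore:
    def __init__(self) -> None:
        self.bindings = {}

    def add_manual(self, petname: str, fp: str) -> None:
        # A binding the user typed in (or checked in person) is confirmed immediately.
        self.bindings[petname] = Binding(petname, fp, None, True)

    def import_binding(self, introducer: str, suggested: str, fp: str) -> None:
        # A binding handed over by an introducer (e.g. uploaded from the bank's card): the introducer
        # must be a confirmed petname, may not replace an existing name, and the result is provisional.
        intro = self.bindings.get(introducer)
        if intro is None or not intro.confirmed:
            raise ValueError(f"{introducer!r} is not a confirmed petname")
        if suggested in self.bindings:
            raise ValueError(f"{suggested!r} already bound; introducer may not replace it")
        self.bindings[suggested] = Binding(suggested, fp, introducer, False)

    def confirm(self, suggested: str, petname: str) -> None:
        # The user accepts a provisional binding under a name of their own choosing.
        b = self.bindings.pop(suggested)
        self.bindings[petname] = Binding(petname, b.fingerprint, b.introducer, True)

    def verify(self, petname: str, cert_der: bytes) -> bool:
        # True only if a confirmed binding exists and the presented cert matches it.
        b = self.bindings.get(petname)
        return b is not None and b.confirmed and b.fingerprint == fingerprint(cert_der)

    def introduction_chain(self, petname: str) -> list:
        # Who vouched for whom, back to a hand-entered binding; assurance is only as good as the weakest link.
        chain, b = [], self.bindings.get(petname)
        while b is not None:
            chain.append(b.petname)
            b = self.bindings.get(b.introducer) if b.introducer else None
        return chain
```

Walking Ben's scenario through it: the bank's introduction of PayPal becomes usable only after the user confirms it, and an introduction offered by a party that is not itself confirmed (Joe Sixpack vouching for "escrow.com") is rejected rather than silently trusted.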