Recently, the Shmoo Group discovered that Firefox is vulnerable to precisely the exploit that i predicted in my 2002 paper—Ping

➡

The central point of my essay on the petname toolbar is that phishing is the result of name conflation.—Tyler

➡

So how, in this system, does the user come to trust Paypal (as opposed to someone pretending to be Paypal)?—Ben

➡

If I’m understanding the discussion so far, I think the answer is that the issue of trust is separate from the issue of identity.—Jed

➡

Indeed, but I am no closer to understanding how the user ever gets to a state where they can do anything useful.—Ben

➡

I gave some examples in my next message on this topic. Perhaps you could address them.—Jed

➡

I agree it solves the problem of confusable URLs.—Ben

➡

So the fact that the WWW does not currently support safe hyperlinking doesn’t bother you?—Tyler

➡

I’m ready to hear it. Perhaps you could just point me to some stuff on your YURLs.—Jed

➡

For now, I am just going to give you some links. I really want to try the discussion in steps this time.—Tyler

➡

Hooha! I’m delighted to see the YURL mechanism uses a "hash of a public key" (essentially equivalent to the certificate fingerprint I believe?). I just pulled that binding out of my a** for the discussion when I was trying to find a way to get involved. I’m glad to see some common thinking there.

I’ll try to use your syntax and mechanism in future as it seems clear you’ve put more thought into it that what I was making up on the fly.—Jed