Tyler Close wrote:

> I've written a paper that argues that global namespaces, such as those used in the current PKI and in Amir's proposal, are actually a cause of

Tyler, we allow the user to select a logo or icon, so this is a local identifier, just like your petnames... Indeed, the site could also suggest the logo or present a logo certified by some authority, but this is only for convenience and a user that does not trust a particular (or any) authority can ignore these.

Therefore, after reading your paper, it appears to me to be a subset of our proposals. Of course, you may object to our other proposals, e.g. the use of logos as a better (imho) identification mechanism.

> phishing attacks, not a solution to them. The paper further argues that the phishing problem is best solved without creating any central authorities like today's CAs or proposed LCAs. The safest solution involves a local namespace maintained within the user's WWW browser.

That's what we currently use as well (except with graphical logos rather than names). But we think users will want to select one or more authorities to automate this process - and we should enable that as well.

>
> The paper is available at:
>
> http://www.waterken.com/dev/YURL/Name/

Please compare to ours at http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm

>
> There is a proof-of-concept implementation at:
>
> http://www.waterken.com/dev/Browser/

We are still experimenting with our implementation, which is a simple modular extension to Mozilla (in JavaScript, etc.). It works great for our personal use and we will put it on the site later this month or next month. We want to be reasonably confident it works smoothly (we expect most people will want to use it regularly once they have tried it).

>
> I'd very much like to incorporate these mechanisms into the Firefox browser. I'd appreciate feedback on the concepts as well as implementation advice or assistance.


We appreciate your (and others') feedback. So far, we are managing the implementation OK.

Best, Amir Herzberg