On Dec 3, 2004, at 9:50 AM, Gervase Markham wrote:
> while Tyler has suggested the use of petnames for the user's idea of what each site is.
> We have that - it's called bookmark keywords.
Bookmark keywords and petnames are similar concepts, but with some crucial differences. These differences are what thwart phishing attacks.
A bookmark keyword is a mapping from a user chosen word to a URL: [ keyword => URL ]. The user enters the keyword and the browser navigates to the corresponding URL.
In general, a petname is a bidirectional mapping between a user chosen word and a self-authenticating designator. In the context of a WWW browser, a petname is a mapping from an SSL public key hash to a user chosen word: [ SSL public key hash => petname ]. After navigating to a URL, the browser looks up the corresponding petname and displays it, or displays "unknown" if no petname is currently assigned. It's this reverse mapping, not performed by keywords, that thwarts phishing attacks. I've written a paper detailing how and why this works, see:
http://www.waterken.com/dev/YURL/Name/
While we're on the topic of bookmark keywords and phishing, I have a gripe with the current implementation of keywords in Firefox.
I use Firefox keywords to keep links to my online bank account, and other important accounts. This way, I can be sure I am using the correct URL each time I access the account. Unfortunately, if I mistype the keyword, Firefox does not notify me of my error, but instead navigates to some other site, without providing any indication that something may be amiss. A clever phisher could guess what keyword most users are using for an important site and put phishing sites at the locations Firefox chooses for the common misspellings of the keyword. This behavior is just broken.
The set of keywords that the user has established forms a private namespace that allows the user to communicate URLs to the browser. Since users are error prone, this communication channel can only be safe for the user if errors are detected and signaled.
I recommend that if the user enables keywords, the browser disable all other interpretation of non-absolute URL strings entered into the navigation toolbar.
Purely on the usability front, it would also be nice if Firefox allowed the user to enter a keyword directly in the "Bookmark this Page..." dialog.
Tyler
--- The web-calculus is the union of REST and capability-based security: http://www.waterken.com/dev/Web/
_______________________________________________
Mozilla-security mailing list
http://mail.mozilla.org/listinfo/mozilla-security
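The two mappings the post contrasts, the reverse petname lookup keyed by the SSL public key hash and a keyword bar that fails closed on a mistyped keyword, as an added example that is not code from the original post or from Firefox. The key bytes, the URLs and the lenient "guess a site" fallback are constructed assumptions used only to show the difference in behaviour.

```python
import hashlib
from typing import Dict, Optional


def key_hash(public_key_der: bytes) -> str:
    """Self-authenticating designator: a hash of the site's SSL public key."""
    return hashlib.sha256(public_key_der).hexdigest()


class PetnameTable:
    """Bidirectional map [ key hash <=> petname ], as described in the post."""

    def __init__(self) -> None:
        self._name_of: Dict[str, str] = {}  # key hash -> petname
        self._key_of: Dict[str, str] = {}   # petname  -> key hash

    def assign(self, khash: str, petname: str) -> None:
        # A petname names exactly one key; refuse to reuse it for another key.
        if self._key_of.get(petname, khash) != khash:
            raise ValueError(f"petname {petname!r} already names another key")
        self._name_of[khash] = petname
        self._key_of[petname] = khash

    def display(self, khash: str) -> str:
        # Reverse lookup after navigation: a lookalike site with a different
        # key shows "unknown" no matter how convincing its page looks.
        return self._name_of.get(khash, "unknown")


class KeywordBar:
    """Bookmark keywords [ keyword => URL ] with an optional fail-closed mode."""

    def __init__(self, keywords: Dict[str, str], strict: bool) -> None:
        self.keywords = keywords
        self.strict = strict

    def navigate(self, typed: str) -> Optional[str]:
        if typed in self.keywords:
            return self.keywords[typed]
        if "://" in typed:  # an absolute URL is always accepted as typed
            return typed
        if self.strict:
            return None  # strict mode: signal the typo instead of guessing
        # Lenient mode (assumed model of the gripe): the browser picks some
        # other destination for the unrecognised word.
        return "https://guess.example/?q=" + typed


if __name__ == "__main__":
    table = PetnameTable()
    table.assign(key_hash(b"constructed-bank-public-key"), "My Bank")
    print(table.display(key_hash(b"constructed-lookalike-public-key")))
```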
