spf-discuss

Re: A hole in planned phishing-prevention?

2004-06-05 10:13:24
On Fri, Jun 04, 2004 at 02:43:04PM -0500, Andy Bakun wrote:
| Exactly.  I think there is too much concentration on the hoopla --
| people are going to think "these geeks are figuring it out, thank god,
| because I don't want to have to think about it", but are not actually
| going to change their habits and be more aware of phishing scams. 

I think we've identified a tension between these requirements:

A) people want their computers to automatically distinguish
   between trustworthy and untrustworthy input.  They are
   asking for more than just the padlock that means the
   connection is secure from men in the middle; they're
   asking for a thumbs-up that means the other endpoint is
   trusted.  The question of trust is very different from
   transport security.

B) We don't want the kind of centralized authority model
   we've seen with SSL certificates because whatever
   roots get built into the first version get a lock on the
   market.  This seems fundamentally unfair to new entrants.
   The principle of glasnost requires that new sending
   domains and new accreditation authorities can easily
   arise.

These tensions are related to the tension between First
Amendment expression and trademark control:

A) We like the ability of a web browser (and email clients)
   to display arbitrary HTML and arbitrary graphics.

B) If an untrusted third party can display arbitrary content
   to the user, they will surely use that ability for phishing.

In combination, I have a feeling the next few years will see
the pendulum swing away from openness back toward control.
Historians may even identify this as a theme of this era:
first you have to get your shoes X-rayed, now you don't get
to see HTML email unless it's approved by an accreditation
authority.