Domain: waterken.com
Stories and comments across the archive that link to waterken.com.
Comments · 23
-
Re:SSL certs discussion: always note these
Cert Patrol lets you know when a cert is new to your browser. Surely that's of some value, is it not?
It depends, certs get updated all the time and you don't want to pester the user with messages he doesn't understand. That makes it easy to spoof or phish the user because they'll just get used to clicking through. As long as the cert upgrade is valid, you shouldn't see anything change IMO.
I looked at the add-ons page comments and saw the following. Do you know anything about this?
If the cert was properly upgraded, then it shouldn't give you a warning. The author of the tool is a security researcher who knows what he's doing. Read up on his petname tool paper if you're interested in further information.
-
Re:SSL certs are both over-trusted and under-trust
You would have self-signed certs presented as "semi-secure", which they are not.
Even real certs are not secure as this thread demonstrates. So presenting certs as secure in the browser is committing the exact same sin that you are objecting against for self-signed certs. The only secure means to verify is secure introduction, or out of band verification.
CAs are not a valid out of band means of verification, they are a global trusted computing base (TCB), and thus are a global point of vulnerability.
-
Re:Always.
It doesn't say anything of the security of the actual site. It never has. It tells you something about the *connection*. Why are you confused about this?
I'm not confused. The point is this level of security is insufficient to the point where it's next to useless to most people. Security problems are much broader than secure connections to unknown parties, despite what the CAs claim.
Poor justification for what?
Poor justification for the usefulness and costs of certificate authorities.
You have a problem with what the trusted third party's role in SSL is? Then pray, how are you going to solve the man-in-the-middle problem?
Secure introduction. You know, an introduction from a party with whom you actually have a meaningful trust relationship.
-
Re:Always.
I.E. the CA, using its public key, which the browser already has.
The CA is one way, but not the best way. You are introducing a whole set of other entities everyone has to trust. Why?
Occam's razor: one must not multiply entities unnecessarily.
To falsify a certificate without the browser telling you, either the CA, the web site, or your machine would have to be compromised.
Who cares about the cert? That's not a major attack vector. Why focus on the attack vectors which aren't a problem in practice? Phishing and spoofing are the low-hanging fruit, and CAs and certs don't help you with this at all. The solution I described above solves all of these problems. All we need is a method of secure introduction to further automate it. Fortunately, that exists too.
-
By the way...
PKI doesn't even solve the right problem a good chunk of the time. How many sites have a link on a non-secured page that refers to some third party order processing firm? A man-in-the-middle can tweak the received non-secured page to point to a different "secured" web server and the customer is none the wiser. PKI provides decent assurance when you type in a "https:" URL and very little when you click on a link, which is why PayPal inter alia warn you to type in the URL.
-
Re:Verifying fingerprints is even more secure
This does already exist. No need for third party providers. Take a look at http://www.httpy.com/ with an implementation shown at http://www.waterken.com/dev/Browser/. Great idea and simple. Just not much profit incentive for the big boys.
-
Names and petnames
I found An Introduction to Petname Systems an interesting reading:
Zooko's Triangle [Zooko] argues that names cannot be global, secure, and memorable, all at the same time. Domain names are an example: they are global, and memorable, but as the rapid rise of phishing demonstrates, they are not secure.
Though no single name can have all three properties, the petname system does indeed embody all three properties. Informal experiments with petname-like systems suggest that petnames can be both intuitive and effective. Experimental implementations already exist for simple extensions to existing browsers that could alleviate (possibly dramatically) the problems with phishing. As phishers gain sophistication, it seems compelling to experiment with petname systems as part of the solution.
There is even a Firefox extension.
-
YURLs
Check it out... a decentralized trust scheme that overlays on SSL: http://www.waterken.com/dev/YURL/ There's a mailing list devoted to these topics too: http://www.eros-os.org/mailman/listinfo/cap-talk
-
Suggestion
These improvements sound good. But can I make a further suggestion?
Like many people, I have a few sites that I want complete assurance about, such as my personal banking sites. I don't want to simply trust a third-party CA to vet them, even if it is capable of providing high-assurance. As well as concerns about the business model for that CA, it still will sign a very large number of web-site certificates. If any of those web sites were compromised or the CA was tricked into signing a certificate, it opens an opportunity for the browser to say "highly trusted" when it isn't - and may even be a different web site if DNS could be compromised. And I expect it would take a long time, if possible at all, to persuade all sites to get them signed by one of the "blessed" CAs.
I much prefer the model used by the Petnames extension of Firefox (http://www.waterken.com/user/PetnameTool/), which allows me to register the server digital certificate thumbprint, and to give the site a nick-name ("My bank"). If the certificate changes in any way, I'll get warned and can do the appropriate checks. Effectively I'm managing my own white-list of a handful of sites, so don't need to trust someone else's whitelist of tens of thousands; or even worse a blacklist of far more.
This can co-exist with the proposals above; for example by allowing the user to store their trust relationship which then displays (say) a blue address bar. Other sites will go through the green / red / white display.
-
Re:State.
I would suggest that the GET/POST dichotomy for handling data is a useful (lossy, I admit) way to beat crappy web developers over the head with a simple idea that makes the web a better place. It should have been learned a long time ago, but it hasn't been. I'm way cool on any effort that makes the script kiddies do something somewhat in line with something approaching best practice. Nobody loses.
You should definitely check out the Web-Calculus as embodied in the Waterken Server; all your composable, object-oriented programming goodness, embedded in the pure resource-oriented web.
-
A real anti-phishing, anti-spoofing toolbar
Waterken Petname Tool
Need help avoiding phishing and spoofing attacks? The petname tool can help you keep it all straight by clearly distinguishing your online relationships.
Using the petname tool, you can save a reminder note about a relationship you have with a site. The petname tool will then automatically display this reminder note every time you visit the site. After following a hyperlink, you need only check that the expected reminder note is being displayed. If so, you can be sure you are using the same site you have in the past.
If you're interested in the rationale behind it, read the whitepaper. No dependence on/vulnerability to any centralized 'authority' to decide what constitutes a 'malicious site'.
-
Petname toolbar
I'd also like to remind people about the Petname Toolbar from Tyler Close, which uses capability-security concepts.
When you visit your bank site for the first time, you enter your own chosen "pet name" for the bank, which is like a nickname. Then when you (supposedly) visit the bank again via clicking on a link, it will show you the same pet name if it is the same site. If it is a phishing site you will see a glaring indication that the site is new and not one you have previously visited and trusted. This way you will know when you are at the site that you should be at.
It is a simple concept and doesn't rely on any humongous database created by external users. For Firefox, available today!
-
Re:Let's see PGP applied here
Even if I don't have a path, my future browser could record the key that's used when bookmarking a site.
That would leave you open to an MITM attack. The attacker can intercept that first request and send your browser whatever key it wants. What you need is a way to strongly correlate the request URL to the site's public key.
I've built a protocol for doing just this. Check out YURLs. The site also provides a proof-of-concept WWW browser that you can use to surf the WWW with this protocol.
-
Re:dan bernstein's position on this
Where exactly does ssh keep bookmarks, for example?
/etc/hosts
We'll wind up inventing another DNS layer on top of the mess just to get back sensible names.
But that layer could be a locally managed namespace instead of a globally managed namespace. Why should everyone use the same mnemonic to refer to a given site? A global namespace means centralized bureaucracy, like IANA. A local namespace is just as convenient for the user, but creates no dictators.
See YURLs.
-
Bookmark file keywords
Your issue is easily handled by the bookmark file keywords provided by Mozilla Firebird. After you've bookmarked a page, you can return to it by typing in your personally chosen keyword.
It is interesting how this simple user interface feature provides a function you thought could only be provided by a central bureaucracy like the DNS. Hold off on the hyperbole a bit. There are some good solutions if you look.
I've worked through a lot of these issues with my YURL work.
-
Decentralized authentication
Since you're willing to give Bernstein's solution a fair hearing, I suggest you also check out YURLs. There's even a simple proof-of-concept WWW browser that you can use to get a feel for how the WWW without DNS works.
Note that switching to decentralized authentication doesn't mean giving up on human memorable names, just global human memorable names. Users can still use a local namespace. This provides both usability and security benefits. See the YURL Name paper.
Tyler
-
Prior art
One example (among many, no doubt) exists at http://www.waterken.com/.
JMR
-
Suggestion: Focus on commerce & (smart) contracts
First let me say that I'm not a programmer (I'm a mouth) and that the following could easily be interpreted as totally self-interested, and to top it off they aren't even Linux-specific. Moderate me down, see if I care.
:)
The guys at http://www.cryptix.org/ are my favorites. Cryptix(tm) is an international volunteer effort to produce robust, open-source cryptographic software libraries. Cryptix products are free, both for commercial and non-commercial use and are being used by developers all over the world. Development is currently focused on Java. Without them, the cool stuff that's happening at: http://www.webfunds.org/ Webfunds (some of it indirectly involving my company) would not be possible.
Along some of the same lines, what's going on at: http://www.erights.org/ E involving a secure distributed object platform and scripting language for writing Capability-Based Smart Contracts is also exceptionally cool, and somewhat related is Tyler's http://www.waterken.com/ Waterken (which isn't a charity, but which is very cool IMO). Disclaimer: I like all the principals of these 4 groups as friends, and all 4 groups tend to "get" what I sell, which is e-gold, which currently uses too much closed-source stuff (that may change in the future, /. assistance appreciated). Obligatory Commercial: Anybody on Slashdot who wants to try e-gold today can e-mail me with an account number.
Something to keep in mind is the old adage "follow the money." It's as true in trying to supplant M$ as it is in politics, IMO. Good luck, choose well, and above all have fun.
JMR
[Speaking only for myself, YMMV, etc. etc.]
-
Re:One business idea...
Would you like the source for that?
Droplets(TM) is a capability environment for web based applications. Most of it is covered by the Mozilla license.
On the waterken.com site, you'll find a running demonstration application and tutorial, as well as a live shopping cart application for making purchases using e-gold.
The Droplets(TM) environment includes an open source interface to the e-gold Shopping Cart API, so that anyone can quickly set up a web storefront.