| |
Click here for full text:
Petname Systems
Stiegler, Marc
HPL-2005-148
Keyword(s): computer security; phishing
Abstract: It has been repeatedly observed [Zooko, Shirky, PNML, Close] that global namespaces suffer from a variety of difficulties. While different analyses have focused on different problems, the conclusion emerges that global names are often overloaded with too many purposes, purposes that come into conflict as the system reaches global scale. One representation of the conflict is, global namespaces attempt to achieve the following trio of properties all at the same time: each name should be global, memorable, and securely collision free. Domain names are an example of a system that attempts to achieve this trinity: domain names are global, and memorable, but as the rapid rise of phishing demonstrates, they are not securely collision free. Though it may not be possible for any single namespace to have all three properties, petname systems do embody all three properties. Informal experiments with petname-like systems suggest that petnames can be both intuitive and effective. Experimental implementations already exist for simple extensions to existing browsers that could alleviate problems with phishing. As phishers gain sophistication, experimenting with petname systems as part of the solution seems compelling. Notes:
15 Pages
Back to Index
|
Printable version
