[cap-talk] Petname's for Firefox - Norm's comments, "significant relationships"?

[Norman Hardy]

On Feb 24, 2005, at 1:22 PM, Jed at Webstart wrote:

> At 12:12 PM 2/24/2005, Norman Hardy wrote:
>> I like the petname toolbar.
>> My toolbar is getting too crowded.
>> I think browser builders should allow more room, probably more than 
>> one line.
>> One hack that would help in this case is to make the petname take 
>> less space when it has nothing to say but untrusted,
>
> Or "unnamed" or just as Tyler suggested at one time blank - which 
> could of course be compressed.
> I don't know how difficult that would be to do technically, but of 
> course if it could use just as much
> space as the name required and could take up essentially no space when 
> no name was assigned
> I also think that would be a good idea.
>
>> When at a trusted site it is appropriate to occupy more space.
>
> As much as the name of course at least, though I suppose it could 
> scroll through long names.  I
> notice that if I assign a name that's longer than the window the 
> mechanism shows me the first
> part of the name and it's up to me to view the rest by positioning and 
> moving my mouse if I wish.
> There is no indication that the text of the Petname extends beyond the 
> window.
>
> I consider these minor issues, but I mention them as the topic came up.
>
>> Some have argued that the pet name needs to describe your complete 
>> relationship with the site.
>> But then it is more than a "name".
>> An extension to the petname would be to make it into a link to a 
>> secure place where you keep a record of your relationship.
>
> I'm curious what you mean by the above Norm.  Do you mean to a place 
> where it would simply note that:
>
> IBM binds to certificates signed by Equifax that refer to the 
> Organization (O) "IBM"?
>
> Or do you have something higher level in mind.  Namely the above 
> implementation information
> could be visible somewhere, but what you are getting at is a place to 
> put information about
> what you've come to believe about your relationship with the Web 
> entity, e.g.:
>
> I've done banking transactions through this site.  Seems to work.
>
> I got delivery of the goods for a $100+ transaction with these folks.
>
> Watch out - this is a fake Paypal site!
>
> or the like?

I just want a map that I trust from pet names to an area where I can 
accumulate
information on my relationship.

>> I don't have a significant relationship with more than one site.
>
> That's interesting.  I wonder if that's because you've been retired 
> through must
> of the Internet boom?  Perhaps it's what you mean by "significant"?

My bank has the only site where the cost of subversion makes it 
worthwhile
to be actually paranoid, instead of play paranoid.
There are just two or three sites that have seen my credit card number
and its not worth much hassle to avoid MITM.
I havn't had the opportunity to send or receive any important 
information,
from Kaiser and I have tried!

Play paranoia is a good thing for security nuts like us to do.
I am lazy.

> Let me define "significant" for this discussion as any site that I 
> have a
> login relationship with (password, certificate, etc.).  By that 
> definition
> I have quite a number of "significant" Web relationships.  I'll mention
> those that come to mind off the top of my head:
>
> Work benefits
> Work time card (vacation, etc.)
> Bank
> Broker
> Healthcare provider
> Computer Vendor sites (e.g. Redhat network, Oracle Metalink, etc.)
> Shopping coordination sites (e.g Yahoo, Amazon)
> Service provider sites (e.g. telephone, power)
> Web hosting site
> ISP
> Media (e.g. newspapers that require logins)
> ...
>
> I probably have some 25-35 such relationships.  Most are pretty 
> insignificant
> and don't require much trust at all on my part.  However, with the 
> first 5 at least
> I would say I do have significant trust relationships.
> ____________...
...