W3C home > Mailing lists > Public > public-usable-authentication@w3.org > April 2006

Re: Secure Metadata

From: Dick Hardt <dick@sxip.com>
Date: Mon, 17 Apr 2006 16:26:28 -0700
Message-Id: <9C1D85E2-FCA1-4A90-966D-C4AA908C1E25@sxip.com>
Cc: Jeffrey Altman <jaltman@secure-endpoints.com>, public-usable-authentication@w3.org
To: Thomas Roessler <tlr@w3.org>

> On 2006-04-14 10:36:46 -0400, Jeffrey Altman wrote:
>> ...
>> While displaying logos may appear to be a good thing in the short  
>> term,
>> I am skeptical of the long term security benefits.

Graphics are proven to communicate more clearly than text to users.  
Well recognized brands are well recognized because they are seen  
often. since this is where most users go, this is the target of  
phishers.

The issue is the process for the User Agent to determine that the  
graphic really does belong to the owner of the site. Secure Chrome is  
needed so that the user knows the graphic does belong. The CA process  
for asserting the graphic belongs to the site needs to be much better  
then the current one(s).

-- Dick
Received on Tuesday, 18 April 2006 02:26:45 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC