- From: spam filter <spam+w3c@jeff-nelson.com>
- Date: Wed, 5 Jul 2006 09:46:28 -0700
- To: "James A. Donald" <jamesd@echeque.com>
- Cc: public-usable-authentication@w3.org
> Chris Drake wrote: > > The word "Chrome" is so cool that nobody wants to put > > it back on the shelf where it belongs! I don't think the concept of secure chrome needs to be entirely abandoned, just redefined. The problem is with chrome which is static and spoofable. By secure chrome, we mean "unspoofable chrome". Historical implementations assume that anything in the chrome is trusted, since an attacker can't control the chrome. However, the picture in picture attack demonstrates that the chrome is spoofable, even when its trusted. http://guardpuppy.com/BrowserChromeIsDead.gif We need to determine techniques which are unspoofable, such as personalization known only to the user or OS layer features, such as dimming the desktop. Suppose we did have a set of techniques that proved to be effective, what form would a standard take? We'll have to specify something like For personalization, I suspect the rough outline would be something like 1) User can set some personalization. 2) Personalization must be determine based on some secret known to the user in a sufficiently large key space, eg. a large set of pictures, visual hashes, or words. 3) Personalization must be integrated with authentication flows. 4) After authentication, personalization must be presented as proof of mutual authentication. 5) Personalization may be presented when requesting other sensative information. 6) Personalization may be presented at any time during the session to prove the session is not spoofed or taken over. 7) Personalization must not be retrievable or usable by third party sites. I'm not sure if we should promote the "may" in (5) and (6) to "must". Also, this assumes user training and recognition. Solutions which don't train the user to use personalization and recognizing spoofing will remain spoofable. Thoughts? - Jeff
Received on Wednesday, 5 July 2006 16:46:55 UTC