Safe Browsing Mode - Revised

Safe Browsing Mode: Definitions and Concept

Safe Browsing Mode is a special browsing window or tab that would 
allow a particular user to visit only those websites that have been 
previously determined to be trusted.  In most cases, each individual 
user makes a determination of which websites are trusted.  In some 
cases, users may rely on other trusted parties to determine which 
websites are trusted.

Benefit of Safe Browsing Mode: User can be confident that any website 
accessible via Safe Browsing Mode is trusted according to criteria 
established by the user, or to criteria established by another party 
that the user trusts.

The means by which a user determines that a particular website is 
trusted is not defined by Safe Browsing Mode.
    * Determination that a website is trusted may depend on visual 
cues associated with Extended Verification certificates, other cues, 
user experience, or any other means the user chooses.
Websites that have been determined to be trusted are placed on a 
White List by the user (or other trusted party).
    * Via conscious user action?
    * Via prompt from browser based on absence from existing White List?
    * Other?
A White List would consist of, at minimum, the URL of each trusted 
site, and a "fingerprint" of the trusted site's certificate.
    * Fingerprint of a certificate is defined by OpenSSL as "the 
digest of the DER encoded version of the whole certificate", where 
"digest" is a hash function.
Safe Browsing Mode would allow access only to those websites whose 
URLs appear on the White List, and whose certificate fingerprints 
match the fingerprint stored on the White List for each corresponding URL.

Safe Browsing Mode may be invoked in the following ways:
    * User would key in a secure attention sequence (such as 
Ctl-Alt-Del) to invoke Safe Browsing Mode.  This would send a signal 
to the OS that the OS should invoke Safe Browsing Mode in a browser.
    * User may choose a menu item in the browser to invoke Safe Browsing Mode.
    * Invoking Safe Browsing Mode via the OS may be more resistant to 
attack than invoking it from within the browser itself.
Third party validation services, such as OCSP certificate validation, 
might be included in a browser's implementation of Safe Browsing Mode.

Safe Browsing Mode requires users to take specific actions to 
establish trust in a website, add the website to the White List, and 
subsequently invoke the Safe Browsing Mode tab or window.  Therefore, 
users may only bother with Safe Browsing Mode for websites that 
require users to provide sensitive personal information.

Industry groups such as the financial services industry could publish 
White Lists of trusted sites.
    * Does browser need to query external White List?
    * Do external White Lists get downloaded into User's browser 
whenever a change occurs?

Safe Browsing Use Case 1:
User Creates White List

1.  User visits website in ordinary browsing mode and determines that 
the website is trusted according to criteria set by the user; i.e., 
cues triggered by EV certificates, other cues, experience, etc.

2.  Website URL and certificate signature are added to White List.


Safe Browsing Use Case 2:
Viewing Trusted Websites in Safe Browsing Mode

1.   User invokes Safe Browsing Mode by keying in a secure attention sequence.

2.   User provides a URL of website to be visited, or uses a bookmark.
         - Website will be viewable if URL is on White List and 
certificate signature on White List matches certificate signature of website.
         - Bookmarks only show trusted sites on White List.

3.  If URL is provided for a site not on the White List, user 
receives some type of message indicating such.
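The White List mechanism described above (URL plus certificate fingerprint) and the access decision of Use Case 2, as an added example that is not part of the original post. It assumes a White List keyed on the host name, a SHA-256 digest of the DER-encoded certificate as the fingerprint, and constructed byte strings standing in for real DER certificates:

```python
import hashlib
from typing import Optional
from urllib.parse import urlsplit

# Outcomes of a Safe Browsing Mode access check (names are this example's own).
ALLOWED = "allowed"
NOT_ON_WHITE_LIST = "not on White List"
FINGERPRINT_MISMATCH = "certificate fingerprint mismatch"
NO_CERTIFICATE = "no certificate presented"


def fingerprint(der_cert: bytes) -> str:
    """OpenSSL-style fingerprint: digest of the DER-encoded certificate,
    rendered as colon-separated upper-case hex (SHA-256 assumed here)."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise_host(url: str) -> str:
    """Reduce a URL to the host the White List is keyed on (lower-cased)."""
    return (urlsplit(url).hostname or "").lower()


def add_to_white_list(white_list: dict, url: str, der_cert: bytes) -> None:
    """Use Case 1: record the trusted site's host and its certificate fingerprint."""
    white_list[normalise_host(url)] = fingerprint(der_cert)


def check_access(white_list: dict, url: str, der_cert: Optional[bytes]) -> str:
    """Use Case 2: allow only a White-Listed host whose presented certificate
    has exactly the stored fingerprint. Every other case is refused, so a
    look-alike host, a missing certificate, or a swapped certificate all fail."""
    host = normalise_host(url)
    if host not in white_list:
        return NOT_ON_WHITE_LIST
    if der_cert is None:
        return NO_CERTIFICATE
    if fingerprint(der_cert) != white_list[host]:
        return FINGERPRINT_MISMATCH
    return ALLOWED


# Constructed stand-ins for DER certificates (not real X.509 data).
BANK_CERT = b"constructed DER bytes for bank.example"
ROGUE_CERT = b"constructed DER bytes for a different certificate"

WHITE_LIST: dict = {}
add_to_white_list(WHITE_LIST, "https://bank.example/login", BANK_CERT)
```

A real implementation would compare the fingerprint of the certificate actually presented on the TLS connection, so a valid but different certificate for the same host is still refused until the user re-establishes trust.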


Safe Browsing Use Case 3:
User Subscribes to White List Created by a Trusted  Industry Organization

1.  User subscribes to the "List of Official Banking Institutions 
That Lend Money to Unemployed Philosophers", published by the 
highly-regarded Union of Unemployed Philosophers.  The List contains 
URLs and certificate signatures of banking websites that have been 
verified as lending money to unemployed philosophers.

2.  User receives a phishing email containing a link to a bank 
advertising itself as providing loans to unemployed philosophers, and 
offers very low interest rates on new loans.

3.  User invokes Safe Browsing Mode by keying in secure attention sequence.

4.  If User clicks on link in the email and a banking website opens 
in Safe Browsing Mode, User is assured that the bank is legitimate 
and provides loans to unemployed philosophers.

5.  If the link in the email is bogus, a message appears when User 
clicks the link, warning User that the link cannot be verified as legitimate.



Received on Wednesday, 31 January 2007 09:01:29 UTC