W3C home > Mailing lists > Public > public-wsc-wg@w3.org > January 2007

Re: Safe Browsing Mode - Revised

From: Anthony Nadalin <drsecure@us.ibm.com>
Date: Wed, 31 Jan 2007 08:35:11 -0600
To: Bob Pinheiro <Bob.Pinheiro@FSTC.org>
Cc: public-wsc-wg@w3.org, public-wsc-wg-request@w3.org
Message-ID: <OF9969A690.3CAD52F8-ON86257274.004FF321-86257274.0050205E@us.ibm.com>

>Safe Browsing Mode is a special browsing window or tab

Safe Browsing Mode is a special browsing window, special process, or tab

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

             Bob Pinheiro                                                  
             C.org>                                                     To 
             Sent by:                  public-wsc-wg@w3.org                
             public-wsc-wg-req                                          cc 
                                       Safe Browsing Mode - Revised        
             01/31/2007 02:54                                              

Safe Browsing Mode: Definitions and Concept

Safe Browsing Mode is a special browsing window or tab that would allow a
particular user to visit only those websites that have been previously
determined to be trusted.  In most cases, each individual user makes a
determination of which websites are trusted.  In some cases, users may rely
on other trusted parties to determine which websites are trusted.

Benefit of Safe Browsing Mode: User can be confident that any website
accessible via Safe Browsing Mode is trusted according to criteria
established by the user, or to criteria established by another party that
the user trusts.

The means by which a user determines that a particular website is trusted
is not defined by Safe Browsing Mode.
      Determination that a website is trusted may depend on visual cues
      associated with Extended Verification certificates, other cues, user
      experience, or any other means the user chooses.
Websites that have been determined to be trusted are placed on a White List
by the user (or other trusted party).
      Via conscious user action?
      Via prompt from browser based on absence from existing White List?
A White List would consist of, at minimum, the URL of each trusted site,
and a “fingerprint” of the trusted site's certificate.
      Fingerprint of a certificate is defined by OpenSSL as "the digest of
      the DER encoded version of the whole certificate", where "digest" is
      a hash function.
Safe Browsing Mode would allow access only to those websites whose URLs
appear on the White List, and whose certificate fingerprints match the
fingerprint stored on the White List for each corresponding URL.

Safe Browsing Mode may be invoked in the following ways:
      User would key in a secure attention sequence (such as Ctl-Alt-Del)
      to invoke Safe Browsing Mode.  This would send a signal to the OS
      that the OS should invoke Safe Browsing Mode in a browser.
      User may choose a menu item in the browser to invoke Safe Browsing
      Invoking Safe Browsing Mode via the OS may be more resistant to
      attack than invoking it from within the browser itself.
Third party validation services, such as OCSP certificate validation, might
be included in a browser's implementation of Safe Browsing Mode.

Safe Browsing Mode requires users to take specific actions to establish
trust in a website, add the website to the White List, and subsequently
invoke the Safe Browsing Mode tab or window.  Therefore, users may only
bother with Safe Browsing Mode for websites that require users to provide
sensitive personal information.

Industry groups such as the financial services industry could publish White
Lists of trusted sites.
      Does browser need to query external White List?
      Do external White Lists get downloaded into User’s browser whenever a
      change occurs?

Safe Browsing Use Case 1:
User Creates White List

1.  User visits website in ordinary browsing mode and determines that the
website is trusted according to criteria set by the user; i.e., cues
triggered by EV certificates, other cues,
     experience, etc.

2.  Website URL and certificate signature are added to White List.

Safe Browsing Use Case 2:
Viewing Trusted Websites in Safe Browsing Mode

1.   User invokes Safe Browsing Mode by keying in a secure attention

2.   Users provides a URL of website to be visited, or uses a bookmark.
        - Website will be viewable if URL is on White List and certificate
signature on White List matches certificate signature of website.
        - Bookmarks only show trusted sites on White List.

3.  If URL is provided for a site not on the White List, user receives some
type of message indicating such.

Safe Browsing Use Case 3:
User Subscribes to White List Created by a Trusted  Industry Organization

1.  User subscribes to the “List of Official Banking Institutions That Lend
Money to Unemployed Philosphers”, published by the highly-regarded Union of
Unemployed Philosophers.
     The List contains URLs and certificate signatures of banking website
that have been verified as lending money to unemployed philosophers.

2.  User receives a phishing email containing a link to a bank advertising
itself as providing loans to unemployed philosophers, and offers very low
interest rates on new loans.

3.  User invokes Safe Browsing Mode by keying in secure attention sequence.

4.  If User clicks on link in the email and a banking website opens in Safe
Browsing Mode, User is assured that the bank is legitimate and provides
loans to unemployed

5.  If the link in the email is bogus, a message appears when User clicks
the link, warning User that the link cannot be verified as legitimate.

(image/gif attachment: graycol.gif)

(image/gif attachment: pic24218.gif)

(image/gif attachment: ecblank.gif)

Received on Wednesday, 31 January 2007 14:45:19 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:14 UTC