- From: Steven T. Roussey <sroussey@balboa.eng.uci.edu>
- Date: Mon, 26 Jun 1995 23:56:24 -0700
- To: www-talk@www10.w3.org

I have a request for comments about how best to extend a viewer's trust in me to other people. I feel this may become necessary due to undesired content and to possible unsafe code (programs or scripts to be executed on the client side).

I can imagine a scenario where the browser only allows limited access to documents or gives warnings about documents based on a chain of trust. Options would include access control, trust chain warnings, or no warning (current state of affairs).

For example, a browser could be configured to only allow access to a personal list of bookmarks digitally signed by the user. Another layer of protection would be to have the server of a URL provide digital signatures from other agents, or query another agent as to whether it trusts the URL itself or the server in question. If the signatures extend trust to the URL then you can view it (or at least be warned otherwise). Other servers (or specific URL links) may be signed by the previous server and so a list of signatures could validate the URL. For example, a banner on the bottom of the screen may say "This 'PowerRangers' URL trusted by Edutainment Co. which is trusted by SuperWorriedParents which is trusted by you".

The above extension of trust does not have to apply to total access control. It could be applied selectively (e.g., to client side execution of shell scripts).

Issues:
How to design signature authorities that approve of sites based on some criteria.
How to digitally sign a URL.
Other?

-steve-

Background: http://www.eng.uci.edu/~sroussey/NetVision/editorials/risk_reward_trust.html

PS If this is not the right forum for this type of discussion, please point me in the right direction.

---------------------------------------
| Steven T. Roussey                   |
| mailto:sroussey@eng.uci.edu         |
| http://www.eng.uci.edu/~sroussey/   |
---------------------------------------
Received on Tuesday, 27 June 1995 02:56:28 UTC
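
The trust chain described in the message above, as an added illustration that is not part of the original post: a client verifies a list of signed endorsements from the user's own key down to a canonicalized URL. The Ed25519 keys, the JSON statement format, the depth limit, all function names and the example.test URL are assumptions made for this sketch.

```javascript
const crypto = require('crypto');
const MAX_DEPTH = 4; // assumed policy limit on chain length

// Canonical URL form, so signer and verifier sign and check identical bytes.
function canonicalUrl(url) {
  const u = new URL(url);
  u.hash = '';
  return u.href;
}
// Stable identifier for a public key: SHA-256 over its DER encoding.
function keyId(publicKey) {
  return crypto.createHash('sha256').update(publicKey.export({ type: 'spki', format: 'der' })).digest('hex');
}
// Bytes covered by a signature: the kind of endorsement and its subject.
function statement(kind, subject) {
  return Buffer.from(JSON.stringify({ v: 1, kind, subject }), 'utf8');
}
function makeParty(name) {
  return { name, ...crypto.generateKeyPairSync('ed25519') };
}
// kind 'key': signer trusts another party's key; kind 'url': signer trusts a URL.
function endorse(signer, kind, target) {
  const subject = kind === 'url' ? canonicalUrl(target) : keyId(target.publicKey);
  const sig = crypto.sign(null, statement(kind, subject), signer.privateKey);
  return { signer: signer.name, signerKey: signer.publicKey, kind, subject, sig };
}

// Walk from the user's own key to the URL. Each link must be signed by the key
// the previous link vouched for, and only the last link may name a URL.
function verifyChain(rootKey, chain, url) {
  if (chain.length === 0 || chain.length > MAX_DEPTH) return { ok: false, reason: 'bad chain length' };
  let expected = keyId(rootKey);
  for (const [i, link] of chain.entries()) {
    const last = i === chain.length - 1;
    if (keyId(link.signerKey) !== expected) return { ok: false, reason: `link ${i}: unexpected signer` };
    if (!crypto.verify(null, statement(link.kind, link.subject), link.signerKey, link.sig)) return { ok: false, reason: `link ${i}: bad signature` };
    if (last !== (link.kind === 'url')) return { ok: false, reason: `link ${i}: wrong kind` };
    if (last && link.subject !== canonicalUrl(url)) return { ok: false, reason: 'URL not covered' };
    expected = link.subject;
  }
  return { ok: true, trustedVia: chain.slice(1).map((l) => l.signer).reverse() };
}

// Constructed sample mirroring the banner in the message; the URL is made up.
function demo() {
  const [you, swp, edu] = ['you', 'SuperWorriedParents', 'Edutainment Co.'].map(makeParty);
  const chain = [endorse(you, 'key', swp), endorse(swp, 'key', edu),
    endorse(edu, 'url', 'http://Example.test:80/PowerRangers#top')];
  return { you, swp, edu, chain };
}
```

A chain that skips an intermediate endorser, or whose final statement was altered after signing, is rejected with the index of the failing link, which is what a warning banner would need to report.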