- From: Tom Ritter <tom@ritter.vg>
- Date: Tue, 13 Dec 2011 12:34:14 -0500
- To: David Dahl <ddahl@mozilla.com>
- Cc: public-identity@w3.org, Harry Halpin <hhalpin@w3.org>
On 13 December 2011 11:29, David Dahl <ddahl@mozilla.com> wrote: > Upon further reflection on this, perhaps what is needed instead is a browser mode like "Private Browsing Mode" in Firefox that is "Enhanced Security Mode", with certain CSP settings in place, SSL (with pinning required) and other restrictions or enhancements. What else is missing? There will no doubt be a demand for this kind of mode for browsers, in fact, there already must be from business and government. This idea came up yesterday on an IETF list also: http://www.ietf.org/mail-archive/web/pkix/current/msg30087.html > This sort of gets at a different question. Why does a browser need to > always operate with a broad trust posture? Folks know when they are > banking and could easily indicate that intent to the browser, without > needing to have the ability to authenticate their favorite shoe shop, > doctor, etc. during that session. This selection could be implemented as > a selection of notary (or a temporary reduction of the TA store, or a > temporary usage of name constraints, etc.). I don't think it's very feasible. Basically: if a site has any incentive to provide security for the user (as banks do) and it *works* with any of the myriad security options we have: - CSP - Key Pinning - Strict Transport Security - X-Frame-Options - X-XSS-Protection - X-Content-Type-Options - No Caching Then they're going to enable that option all the time. If they don't enable it, they're either not getting audited by competant people regurally or they don't work with the option. And switching into a mode that forces these options on will more likely break the site than add security the site didn't previously have. I think the only benefit a browser could add in a "Secure Browsing" mode would be to try to protect a user from malware present on their machine or in the network. - Disable Add-Ons, Toolbars, Greasemonkey Scripts (Poses a problem with password managers) - Private Browsing Mode: don't cache anything, don't save cookies. (Exception for saving Pinned Keys and STS.) - Perhaps some sort of "The SSL Certificate has changed!" notifications - Less Performance, More Security (Specifically around stuff like javascript JIT optimizations) - Fancy-Pants tricks that could try to trick keylogging and screenscraping malware - Disable Imported Root CAs - Extra security around traffic middling I don't work with businesses often to define security policy... but if they were actually clammering for such a browser mode I think they would have migrated off IE6/7 and onto a more recent browser. -tom
Received on Tuesday, 13 December 2011 17:35:07 UTC