RE: Secure Chrome from Mary Ellen Zurko on 2006-04-14 (public-usable-authentication@w3.org from April 2006)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Fri, 14 Apr 2006 08:28:21 -0400
To: "Dan Schutzer" <dan.schutzer@fstc.org>
Cc: public-usable-authentication@w3.org
Message-ID: <OF4C9F1AE6.F8B09E18-ON85257150.00443D62-85257150.004491F9@notesdev.ibm.com>

Interestingly enough, the question George is asking, is whether you as a 
website developer are willing to design the part of your web that deals 
with high risk transactions to not use any active content at all. 

The question George isn't asking is how a browser would know that a high 
risk transaction was about to occur with a malicious site. 

I expect there to be some interesting work at SOUPS addressing this sort 
of question. As I mentioned at the workshop (which Danny hated to hear), 
some of this is still at the research phase. Which makes it hard to 
standardize. 
        Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
IBM Lotus/WPLC Security Strategy and Architecture

"Dan Schutzer" <dan.schutzer@fstc.org> 
Sent by: public-usable-authentication-request@w3.org
04/12/2006 02:50 PM

To
"'George Staikos'" <staikos@kde.org>, 
<public-usable-authentication@w3.org>
cc

Subject
RE: Secure Chrome

I think, just as the web browsing experience now allows a user to set and
change various levels of security and privacy depending on the website, I
would think they could be induced to allow websites and customers to 
select
for more high risk transactions a safe browsing mode to be invoked. It is 
an
idea whose time may have come. I as a user would welcome such modes within
my control, so that when I am transacting and exchanging highly sensitive
information, I can work in a more secure mode.

-----Original Message-----
From: public-usable-authentication-request@w3.org
[mailto:public-usable-authentication-request@w3.org] On Behalf Of George
Staikos
Sent: Wednesday, April 12, 2006 1:55 PM
To: public-usable-authentication@w3.org
Subject: Re: Secure Chrome

On Tuesday 11 April 2006 18:30, Mary Ellen Zurko wrote:
> No active content at all. Zippo. No javascript. No Java. No ActiveX.
>
> Web browsing the way nature intended :-).
>
> Yes, there's a lot of things you couldn't do with such a browser. But it
> has the benefit of simplicity.

  Do you think any website developers will ever accept such a thing? :-) I 

think not...

-- 
George Staikos
KDE Developer                                                            
http://www.kde.org/
Staikos Computing Services Inc.                          
http://www.staikos.net/

Received on Friday, 14 April 2006 12:28:35 UTC