Re: Secure Chrome from George Staikos on 2006-04-16 (public-usable-authentication@w3.org from April 2006)

From: George Staikos <staikos@kde.org>
Date: Sun, 16 Apr 2006 14:38:22 -0400
To: public-usable-authentication@w3.org
Message-Id: <200604161438.22863.staikos@kde.org>

On Friday 14 April 2006 09:48, Jeffrey Altman wrote:

> I came away with the following from the discussions I held at the
> workshop:
>
> (1) Secure Chrome is only secure if the user is able to distinguish
>     the "secure" from the "insecure".
>
>     Suggestions have included that secure chrome be displayed by
>     the browser whenever the browser encounters a form that contains
>     a password field.

  I think that a password field only covers a limited subset of the vulnerable 
types of data input, but it's a good start.

>     When supported by the operating system is available, whenever
>     the user clicks within the secure chrome the user would be
>     removed to a separate desktop on which the user would be displayed
>     information about whom the data is being sent to as extracted from
>     a certificate (logos, common name, url, etc), a distinguishing
>     identifier selected by the user (perhaps a photo), and the form
>     to be filled in.

  This really sounds over-complicated and confusing.  Conceptually it's an 
interesting approach, but I'm not so sure that the user experience will be 
the greatest.

> (2) Attackers must not be able to determine what the secure chrome
>     looks like on any particular system.

  There are interesting ways to do this.  I'm definitely interested in 
exploring these.  For instance, personalization of the chrome.

> (3) Another thing that was discussed was a hardware indicator of the
>     use of secure chrome.  This would require that the indicator be
>     protected by the operating system and that the secure chrome itself
>     could be triggered by the operating system.

  This doesn't sound like it would apply across platforms (think: PDA, phone, 
etc) well.

[...]

> I believe the use of secure chrome is a good idea, but it certainly
> would not be a cure all.  It would simply raise the bar for the attacks
> in the case where users can be trained not to accept certificates that
> are not validated.

  Agreed.

-- 
George Staikos
KDE Developer    http://www.kde.org/
Staikos Computing Services Inc.  http://www.staikos.net/

Received on Sunday, 16 April 2006 18:42:14 UTC