- From: spam filter <spam+w3c@jeff-nelson.com>
- Date: Wed, 5 Jul 2006 11:15:23 -0700
- To: "Amir Herzberg" <amir.herzberg@gmail.com>, "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, public-usable-authentication@w3.org
http://www.w3.org/2005/Security/htmlauth-charter > * a W3C Recommendation that describes an annotation mechanism that supports at least HTTP Digest Authentication, and possibly other authentication mechanisms as the working group sees fit I'm not as familar with these requirements. It looks like we're specifying an annotation of authentication meta-data. Would we reference some other standard to provide the authentication mechanisms? I'm not sure about calling out HTTP Digest Authentication, since its broken. The offline dictionary attack on the digest credential requires under 1 second of CPU time to break most passwords. Rather, we could define an annotation which is implementation neutral and agree on some specification for picking the implementation. http://www.w3.org/2005/Security/wsc-charter >Current Web user agents communicate only a small portion of available security context information to users in a way that is easily perceived and understood. Other secontext context information that might be available to user agents and possibly helpful to users is either not presented, or presented in a way that is not understood by users, and hence useless or confusing. This information ranges from logotypes and company names and addresses that might be present in PKI certificates, to the user agent's memory of past activities. >Where the mechanisms that are used to communicate context information can be overridden by Web content, they also open the scene for attackers serving fake security indicators. Could we mention personalization and/or unspoofability in this charter? Or is it the intent that be covered by some other working group? For example, how is this edit? >Current Web user agents communicate only a small portion of available security context information to users in a way that is easily perceived and understood. Other security context information that might be available to user agents and possibly helpful to users is either not presented, or presented in a way that is not understood or spoofable, and hence useless or untrustworthy. This information ranges from personalization, to logotypes and PKI certificate meta-data, to the user agent's memory of past activities. "can be overridden by Web content" is a tricky phrase. I would say "can be effectively spoofed by Web content" as a more precise, 1 sentence description of the threat model. I would expect a solution to address the picture in picture attack and incorporate sufficient training of users in recognizing spoofing attacks. For example, a solution which allows for personalization may not be sufficient if it doesn't train the user to utilize the personalization and recognize spoof attacks on that personalization. - Jeff
Received on Wednesday, 5 July 2006 18:15:33 UTC