Re: Secure Metadata

Thinking a bit more about this subthread and Thomas' last questions on it:

> Would people here be satisfied with a lightweight effort that
> (as suggested by Michael) initially just looks at the question
> that George asked: The logotype extensions of which
> certificates can sites expect browsers to display?
> 
> Or should formal work in this area immediately go towards more
> heavyweight trust labels, and the formats related to these?


The combination of some secure chrome with some secure metadata for 
continuing relationships seems attainable. That would put a substantial 
dent in the gain from phishing. If it was actually successful, attacks 
would have to target convincing the user to bootstrap a new relationship 
(albeit with someone that might be trustworthy if properly authenticated) 
or somehow catch the user when they don't have access to their history of 
interactions (kiosk mode, using a friend's computer, had to clear their 
history or cookie cache because of some sort of bug or other issue). That 
seems worth doing to me. 
        Mez

Received on Tuesday, 9 May 2006 14:43:18 UTC