RE: DNSSEC indicator from Dan Schutzer on 2007-04-26 (public-usable-authentication@w3.org from April 2007)

From: Dan Schutzer <dan.schutzer@fstc.org>
Date: Thu, 26 Apr 2007 09:26:31 -0400
To: <beltzner@mozilla.com>, <public-usable-authentication-request@w3.org>, <sthomas2@ups.com>, <public-usable-authentication@w3.org>
Cc: "'Dan Schutzer'" <dan.schutzer@fstc.org>
Message-ID: <027501c78806$81b48060$6500a8c0@dschutzer>
I think that much of what we want is in the security zone model, but we want
some additional things: e.g. be able to strongly link a website's IP
address(s) to the desired website (e.g. with EV typed certs or DNSSEC or FI-
(or other community) certified and signed websites hashed with the valid IP
addresses). It is because there are these important bits and pieces already
operational that I have hope we could see an implemented safe mode in
relatively short order.

Furthermore, we think we need a better user interface. The current ones,
such as in IE7, provide a long list of very technical terms that a user has
to select, and its is somewhat cumbersome to change and reset. We would like
something much simplier to invoke by the user and by default eliminates when
in safe mode all but the sites that both qualify and are selected by the
user (where most of the technical settings for safe mode are determined for
the user).

I believe that there are times when users don't want to be safe. That is
users want to go to social sites, browse the web, look for interesting
content, converse with interesting people. On the other hand, there are some
sites where the users wants to transact with very sensitive information and
wants to be sure that they are on the correct site. In fact, if a user could
easily switch back and forth, they would even be safer when they are not in
safe mode because they would know they are NOT in safe mode and hopefully be
much less trusting and willing to provide sensitive information when not in
Safe mode. As a users travels around in the Wild Unsafe Web, they may find
and establish a relationship with a web site that they want to know interact
with more safely. If that site is appropriately certified and conforms to
the needed technical security, the user can find that site is available for
Safe Mode and add it to its Safe Mode list.

Does this explanation help.

-----Original Message-----
From: public-usable-authentication-request@w3.org
[mailto:public-usable-authentication-request@w3.org] On Behalf Of Mike
Beltzner
Sent: Thursday, April 26, 2007 8:47 AM
To: Dan Schutzer; public-usable-authentication-request@w3.org;
sthomas2@ups.com; public-usable-authentication@w3.org
Subject: Re: DNSSEC indicator

How is safe-mode substantially different from the "security zone" model
employed (and unused) in current browsers?

Do you think there are times when users don't want to be safe?

cheers,
mike 
  

-----Original Message-----
From: "Dan Schutzer" <dan.schutzer@fstc.org>
Date: Thu, 26 Apr 2007 08:31:41 
To:<sthomas2@ups.com>,<public-usable-authentication@w3.org>
Subject: RE: DNSSEC indicator


That is why I would combine these indicators with a Safe Web Browsing Mode
and not rely on users paying attention and understanding all the indicators
- just that when they want to be really safe, they are willing to exclude
all but a selected set of sites that they really care about security and
privacy with and which are compliant with the needed security safeguards

-----Original Message-----
From: public-usable-authentication-request@w3.org
[mailto:public-usable-authentication-request@w3.org] On Behalf Of
sthomas2@ups.com
Sent: Thursday, April 26, 2007 8:20 AM
To: public-usable-authentication@w3.org
Subject: RE: DNSSEC indicator


Dick is quite right. DNSSEC could indeed provide another tool in the
toolbox to make sure that the network is doing what the user really
wants. My issue, though, is elevating the DNSSEC status to a
human-visible indication. The more indicators that are displayed to a
user, the less likely the user is to pay attention to them. Research is
already showing that users are ignoring the indications that browsers
give them today. For that reason, browser designers need to be very
parsimonious in displaying security indications and focus on showing
information that is really important. Given the relative rarity of
attacks involving improper name resolutions, a DNSSEC indication would
not seem to have enough value to justify its use.

Stephen 

-----Original Message-----
From: Dick Hardt [mailto:dick@sxip.com] 
Sent: Thursday, 26 April 2007 8:10 AM
To: Thomas Stephen (SKD8YPG)
Cc: public-usable-authentication@w3.org
Subject: Re: DNSSEC indicator


There is unlikely to be a single silver bullet that solves *all* the  
issues. It is useful to know that the client really is connected to  
www.micros0ft.com if that is what the client wants to connect to.

DNSSEC is not going to solve social phishing attacks, but it does  
enable other technology such as CardSpace etc. to have increased  
certainty on what is going on.

-- Dick
Received on Thursday, 26 April 2007 13:26:53 UTC