- From: Amir Herzberg <herzbea@macs.biu.ac.il>
- Date: Wed, 06 Dec 2006 16:30:05 +0200
- To: "Michael(tm) Smith" <mikes@opera.com>
- CC: W3 Work Group <public-wsc-wg@w3.org>
Michael(tm) Smith wrote:
> "Close, Tyler J." <tyler.close@hp.com>, 2006-12-04 13:51 -0600:
>
>> Domain names can be very deceptive: www.bankofthevvest.com,
>> paypal.secure.com, paypa1.com, etc. We need to provide the user
>> with a site identifier which will not attempt to deceive the
>> user. This means we can't use text that came from the potential
>> attacker.
>>
>> Frankly, I think we would be better off removing the Location bar from
>> the default browser user interface. I think it does more harm than good.
>>
>> Thoughts? Would Konqueror seriously consider dropping the Location bar
>> from the default user interface? Or is it too big a change? Pushing in
>> this same direction, I'd like to see the browser move all potentially
>> misleading data out of the chrome area, providing a graphically clear
>> dividing line between what is reliable and what is suspect.
>
> The URL information in the location bar is useful for more than
> just providing security-context information, and I think users
> might lose more if it were suppressed than they gain by having it
> displayed. I think in general that in deciding what should and
> should not be displayed in the browser chrome, the criteria that
> need to be considered are more than just whether the data can be
> abused to provide potentially misleading data.

I agree. But more: the reality is that most web pages are not SSL/TLS protected. In such cases, the domain name provides the only (very limited) mechanism of identification. It is secure against weak attackers, not against DNS controlling or MITM attackers, of course, and only to the extent that users can validate the URL/domain. So I agree it is very weak protection. Still, as long as most sites are not using SSL, I find it very hard to give up on this limited identification mechanism.

These comments do not apply if the suggestion is to give up on the domain name only for protected sites, but I suspect that treating secure sites differently in this respect may create usability problems.

Best, Amir Herzberg

> --Mike
Received on Wednesday, 6 December 2006 14:31:01 UTC
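
The three deceptive names quoted in this thread, run through a simple lookalike check; this is an added example and not part of the original message. The trusted list, the confusable map, the function names and the "last two labels" registrable-domain rule are assumptions for illustration (real code would use the Public Suffix List and a full confusables table).

```javascript
// Added example. TRUSTED and CONFUSABLES are constructed, illustrative values.
const TRUSTED = ["bankofthewest.com", "paypal.com"];
const CONFUSABLES = [["vv", "w"], ["rn", "m"], ["1", "l"], ["0", "o"]];

// Reduce a string to a "skeleton" so visually similar strings compare equal.
function skeleton(s) {
  let out = s.toLowerCase();
  for (const [from, to] of CONFUSABLES) out = out.split(from).join(to);
  return out;
}

// Assumption: the registrable domain is the last two labels.
// This is wrong for suffixes such as co.uk; use the Public Suffix List in practice.
function registrable(host) {
  return host.toLowerCase().replace(/\.$/, "").split(".").slice(-2).join(".");
}

// Classify a hostname relative to the trusted list.
function classify(host) {
  const reg = registrable(host);
  if (TRUSTED.includes(reg)) return { verdict: "trusted", match: reg };

  // Case 1: the registrable domain differs but looks the same (paypa1.com).
  const regSkel = skeleton(reg);
  for (const t of TRUSTED) {
    if (skeleton(t) === regSkel) return { verdict: "lookalike", match: t };
  }

  // Case 2: a trusted brand appears as a label of someone else's
  // domain (paypal.secure.com is controlled by the owner of secure.com).
  const labels = host.toLowerCase().split(".");
  for (const t of TRUSTED) {
    const brand = skeleton(t.split(".")[0]);
    if (labels.some((l) => skeleton(l) === brand)) {
      return { verdict: "brand-in-subdomain", match: t };
    }
  }
  return { verdict: "unknown", match: null };
}

for (const h of ["www.bankofthevvest.com", "paypal.secure.com", "paypa1.com"]) {
  console.log(h, classify(h));
}
```

A check like this depends entirely on the trusted list it is given, so it only flags imitations of names already known to it.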