Re: Safe Browsing Mode - Revised

> Safe Browsing Mode is a special browsing window or tab that would 
> allow a particular user to visit only those websites that have been 
> previously determined to be trusted.  In most cases, each individual
> user makes a determination of which websites are trusted.  In some 
> cases, users may rely on other trusted parties to determine which 
> websites are trusted.

I think there's sufficient CHI research to state that most users will not 
make explicit conscious choices of what they trust. They'll follow the path 
of least resistance of their user agent, both in terms of defaults, and 
subsequent "recommendations" (or whatever's needed to get their task 
done). 

> The means by which a user determines that a particular website is 
> trusted is not defined by Safe Browsing Mode. 

I see that as the crucial part of whether or not such a mode provides 
useful and usable security. Much like key distribution in PKI, it turns 
out deployment and bootstrapping are the hard parts. 

Perhaps some of the discussions we're having around tying trust and 
display of trust to input/output, passwords, and other form filling, will 
be useful here as well. 

> Determination that a website is trusted may depend on visual cues 
> associated with Extended Verification certificates, other cues, user
> experience, or any other means the user chooses. 
> Websites that have been determined to be trusted are placed on a 
> White List by the user (or other trusted party). 
> Via conscious user action? 
> Via prompt from browser based on absence from existing White List? 
> Other? 

> Safe Browsing Mode may be invoked in the following ways: 
> User would key in a secure attention sequence (such as Ctl-Alt-Del) 
> to invoke Safe Browsing Mode.  This would send a signal to the OS 
> that the OS should invoke Safe Browsing Mode in a browser. 
> User may choose a menu item in the browser to invoke Safe Browsing Mode. 

> Invoking Safe Browsing Mode via the OS may be more resistant to 
> attack than invoking it from within the browser itself. 

I see the conditions under which it's invoked as similarly critical. 
Perhaps linking it to the same data input/form filling will help. 



> Safe Browsing Use Case 3: 
> User Subscribes to White List Created by a Trusted Industry 
> Organization
> 
> 1.  User subscribes to the "List of Official Banking Institutions 
> That Lend Money to Unemployed Philosophers", published by the highly-
> regarded Union of Unemployed Philosophers. 
>      The List contains URLs and certificate signatures of banking 
> websites that have been verified as lending money to unemployed 
> philosophers. 
> 
> 2.  User receives a phishing email containing a link to a bank 
> advertising itself as providing loans to unemployed philosophers, 
> and offers very low interest rates on new loans. 
> 
> 3.  User invokes Safe Browsing Mode by keying in secure attention 
> sequence. 

Not sure that this sequence works when using a "rich client" to read 
email, like Lotus Notes. Though it might with the more integrated HTML 
mail processing we have for Notes 8. 

> 
> 4.  If User clicks on link in the email and a banking website opens 
> in Safe Browsing Mode, User is assured that the bank is legitimate 
> and provides loans to unemployed philosophers. 
> 
> 5.  If the link in the email is bogus, a message appears when User 
> clicks the link, warning User that the link cannot be verified as 
> legitimate. 
> 

Good comments by others as well.
        Mez

Received on Wednesday, 31 January 2007 15:21:34 UTC
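
The white-list check in Use Case 3 (steps 4 and 5), sketched as an added example that is not part of the original message or of any browser's code. It assumes the subscribed list maps a hostname to SHA-256 fingerprints of acceptable certificates; the proposal does not define the format of its "certificate signatures", and all hostnames and certificate bytes below are constructed.

```python
import hashlib
from urllib.parse import urlsplit


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed sample data: placeholder bytes stand in for real DER certificates.
BANK_CERT = b"constructed-cert-for-loans.bank.example"
OTHER_CERT = b"constructed-cert-for-some-other-site"

# Assumed list format: exact hostname -> set of accepted certificate fingerprints.
WHITE_LIST = {"loans.bank.example": {fingerprint(BANK_CERT)}}


def check_link(url: str, presented_cert: bytes, white_list: dict) -> tuple:
    """Return (allowed, reason) for a link opened in Safe Browsing Mode."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return (False, "unparseable URL")
    if parts.scheme != "https":
        # Without TLS there is no certificate to compare against the list.
        return (False, "not https")
    # Exact host match only: a listed name appearing as a prefix, a
    # subdomain label, or the userinfo part of the URL does not count.
    pins = white_list.get(host)
    if pins is None:
        return (False, "host not on white list")
    # The name matching is not enough; the certificate the server actually
    # presented must be one the list publisher verified.
    if fingerprint(presented_cert) not in pins:
        return (False, "certificate mismatch")
    return (True, "trusted")


if __name__ == "__main__":
    for url, cert in [
        ("https://loans.bank.example/apply", BANK_CERT),
        ("https://loans.bank.example.lookalike.test/apply", OTHER_CERT),
        ("https://loans.bank.example/apply", OTHER_CERT),
    ]:
        print(url, check_link(url, cert, WHITE_LIST))
```

A `False` result corresponds to step 5, where the user is warned that the link cannot be verified as legitimate.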