- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Wed, 19 Sep 2007 17:53:55 -0400
- To: Web Security Context Working Group WG <public-wsc-wg@w3.org>
Using EV certs as the stand-in for a whitelist seems wrong, to me. EV certs make strong identity claims, but not trustworthiness or safety claims, which I think SBM envisions. EV certs in combination with a whitelist seem like a more natural fit, if we're going to recommend this at all.

I think the argument has been advanced that we could use the community logotype field of an EV cert as a proxy for the whitelist, basically that having (say) the FSTC logo in there acts as de facto whitelist membership. One downside I see there is that it still requires the SSL handshake to take place (in order to acquire the certificate for inspection), which exposes some, albeit limited, attack surface. In an EV+Whitelist world, that initial connection wouldn't occur because the "Your accounts are being closed" email link would presumably point to some non-whitelisted domain, and the connection would not be built in the first place.

I've said in the past that I don't think the maintenance and generation of these lists can be accurately foreseen, and hence that I don't think it's really the right kind of thing for our group to mandate, since that compels us to declare "non-conforming" any browser that doesn't think the lists are mature enough. Nevertheless, if we *are* to make such a recommendation, it feels like EVs shouldn't be used as a surrogate for "trustworthiness" determinations.

Cheers,

Johnathan

On 18-Sep-07, at 8:59 AM, Web Security Context Working Group Issue Tracker wrote:

> ISSUE-108: Should Safe Browsing mode restrict users to a specific set of sites? [Techniques]
>
> http://www.w3.org/2006/WSC/track/issues/
>
> Raised by: Thomas Roessler
> On product: Techniques
>
> In the current draft:
>
> Editor's Draft $Date: 2007/09/18 12:50:20 $
>
> safe browsing mode includes a requirement that Web user agents only be able to access EV (or EV-like) sites when in Safe Browsing Mode. From discussions, this is one possible approach; the aim seems to be to have some whitelist of trusted sites that can be accessed in this mode.
>
> Questions:
>
> - Should such a whitelist exist at all?
> - If it exists, are EV certificates the right criterion?

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com
Received on Wednesday, 19 September 2007 21:54:09 UTC