- From: Chris Hartmann <cxhartmann@gmail.com>
- Date: Wed, 29 Apr 2015 10:21:16 -0700
- To: Mark Watson <watsonm@netflix.com>
- Cc: www-tag <www-tag@w3.org>
> So my question is whether there is any ongoing work, or if it even makes
> sense, for UAs to play a role in secure delivery of such third-party
> attestations to users? (I would expect it to be a long-term project - I'm
> not thinking about quick-fixes here).

Hi Mark,

I had a similar idea recently somewhere on the fringes of where I think you are going here. Although more geared towards anti-phishing the basis of the thought was to have a visual indicator that securely proved attestation of one party to another.

https://www.ietf.org/mail-archive/web/websec/current/msg02286.html

I later learned about a temporarily successful venture called SiteKey which attempted to do something along the same lines but ultimately hinged on the same assumption - that end users will pay attention to visual security indicators.

https://en.wikipedia.org/wiki/SiteKey

Studies found that the vast majority of end users don’t effectively pay attention to security indicators or lack thereof (or the indicators are easily spoofed). Go figure.

Interesting problem that I think would have a widespread benefit if solved, but I’m unsure how to hotfix (or re-train) those end-users.

Cheers,
Chris

>
> Thanks in advance,
>
> Mark
Received on Saturday, 2 May 2015 22:30:22 UTC