> So my question is whether there is any ongoing work, or if it even makes
> sense, for UAs to play a role in secure delivery of such third-party
> attestations to users? (I would expect it to be a long-term project - I'm
> not thinking about quick-fixes here).

Hi Mark,
I had a similar idea recently somewhere on the fringes of where I
think you are going here. Although more geared towards anti-phishing,
the basis of the thought was to have a visual indicator that securely
proved attestation of one party to another.

I later learned about a temporarily successful venture called SiteKey
which attempted to do something along the same lines but ultimately
hinged on the same assumption - that end users will pay attention to
visual security indicators.

Studies found that the vast majority of end users don’t effectively
pay attention to security indicators or lack thereof (or the
indicators are easily spoofed). Go figure.

Interesting problem that I think would have a widespread benefit if
solved, but I’m unsure how to hotfix (or re-train) those end-users.


> Thanks in advance,
> Mark

