- From: Nathan Rixham <nathan@webr3.org>
- Date: Thu, 6 Sep 2018 21:19:15 +0100
- To: Henry Story <henry.story@bblfish.net>
- Cc: John Kemp <johnk@stabledomain.net>, Dan Daniel Appelquist <dan@torgo.com>, TAG List <www-tag@w3.org>
- Message-ID: <CANiy74xKqP7F0n_e27Ts-nyB2VTM8o8iouOZ91j0VX3pPQKxEQ@mail.gmail.com>
"I don’t think URLs are working as a good way to convey site identity .. We want to move toward a place where web identity is understandable by everyone .. We’re figuring out the right way to convey identity." [Web Identity] is [verified owner] of [URL] . This seems achievable, familiar even. On Thu, Sep 6, 2018 at 7:16 PM, Henry Story <henry.story@bblfish.net> wrote: > > > On 5 Sep 2018, at 19:41, John Kemp <johnk@stabledomain.net> wrote: > > I guess the problem, succinctly stated, might be this: > > 1. Website owners want it to be difficult for their identity to be forged > - they want their customers to be coming to them, and not an imposter. The > URL is part of their brand identity. Attackers frequently (and > successfully) imitate legitimate sites by imitating their URLs. > > 2. Ordinary users want to be sure they are visiting the correct store; > when you hand over either money or other valuable data, you don’t want to > be giving it to an attacker. It is increasingly difficult for an ordinary > person to tell that they are being attacked, due to having to parse > complicated-looking URLs in order to verify their own security. > > The relationship between URL and identity has been fraught since the Web > began, and the TAG has attempted to address this question before. Having a > better relationship between technical identity, and the intuitive ("brand”) > identity of a site may be helpful in improving Web security. > > > I have a proposal on how to get this to work correctly without giving up > on URLS > by tying institutions and nations into the web. They have the money, > the legal frameworks, the police and others to deal with fraud and the > international relations requirements to make this work. It of course has > to be > decentralised, to take into account that nations don't see alike on many > issues. > > > "Stopping HTTPs Phishing" > https://medium.com/cybersoton/stopping-https-phishing-42226ca9e7d9 > > Hope that helps, > > Henry > > > - johnk > > On Sep 5, 2018, at 1:24 PM, Daniel Appelquist <dan@torgo.com> wrote: > > Ever since there has been a URL people have been proclaiming its imminent > demise. However, from what I can tell, the article is about how the URL is > surfaced in a specific browser UI. This feels out of scope for the TAG. > > Dan > > On Wed, 5 Sep 2018 at 17:55 Melvin Carvalho <melvincarvalho@gmail.com> > wrote: > >> Bit of a click-baity title, but this article, which is about the URL in >> the browser, may be of interest to the TAG >> >> https://www.wired.com/story/google-wants-to-kill-the-url/ >> >> I posted this here because there was a request from Adrienne Porter Felt >> (chrome) for feedback >> >> https://twitter.com/__apf__/status/1037057268510912512 >> >> "If you're an academic researcher doing work in this space, I would LOVE >> to hear from you!" >> >> > >
Received on Thursday, 6 September 2018 20:19:39 UTC