Re: Google Wants to Kill the URL from Nathan Rixham on 2018-09-06 (www-tag@w3.org from September 2018)

From: Nathan Rixham <nathan@webr3.org>
Date: Thu, 6 Sep 2018 21:19:15 +0100
To: Henry Story <henry.story@bblfish.net>
Cc: John Kemp <johnk@stabledomain.net>, Dan Daniel Appelquist <dan@torgo.com>, TAG List <www-tag@w3.org>
Message-ID: <CANiy74xKqP7F0n_e27Ts-nyB2VTM8o8iouOZ91j0VX3pPQKxEQ@mail.gmail.com>

"I don’t think URLs are working as a good way to convey site identity ..
We want to move toward a place where web identity is understandable by
everyone ..
We’re figuring out the right way to convey identity."

[Web Identity] is [verified owner] of [URL] .

This seems achievable, familiar even.

On Thu, Sep 6, 2018 at 7:16 PM, Henry Story <henry.story@bblfish.net> wrote:

>
>
> On 5 Sep 2018, at 19:41, John Kemp <johnk@stabledomain.net> wrote:
>
> I guess the problem, succinctly stated, might be this:
>
> 1. Website owners want it to be difficult for their identity to be forged
> - they want their customers to be coming to them, and not an imposter. The
> URL is part of their brand identity. Attackers frequently (and
> successfully) imitate legitimate sites by imitating their URLs.
>
> 2. Ordinary users want to be sure they are visiting the correct store;
> when you hand over either money or other valuable data, you don’t want to
> be giving it to an attacker. It is increasingly difficult for an ordinary
> person to tell that they are being attacked, due to having to parse
> complicated-looking URLs in order to verify their own security.
>
> The relationship between URL and identity has been fraught since the Web
> began, and the TAG has attempted to address this question before. Having a
> better relationship between technical identity, and the intuitive ("brand”)
> identity of a site may be helpful in improving Web security.
>
>
> I have a proposal on how to get this to work correctly without giving up
> on URLS
> by tying institutions and nations into the web. They have the money,
> the legal frameworks, the police and others to deal with fraud and the
> international relations requirements to make this work. It of course has
> to be
> decentralised, to take into account that nations don't see alike on many
> issues.
>
>
> "Stopping HTTPs Phishing"
> https://medium.com/cybersoton/stopping-https-phishing-42226ca9e7d9
>
> Hope that helps,
>
> Henry
>
>
> - johnk
>
> On Sep 5, 2018, at 1:24 PM, Daniel Appelquist <dan@torgo.com> wrote:
>
> Ever since there has been a URL people have been proclaiming its imminent
> demise. However, from what I can tell, the article is about how the URL is
> surfaced in a specific browser UI. This feels out of scope for the TAG.
>
> Dan
>
> On Wed, 5 Sep 2018 at 17:55 Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>> Bit of a click-baity title, but this article, which is about the URL in
>> the browser, may be of interest to the TAG
>>
>> https://www.wired.com/story/google-wants-to-kill-the-url/
>>
>> I posted this here because there was a request from Adrienne Porter Felt
>> (chrome) for feedback
>>
>> https://twitter.com/__apf__/status/1037057268510912512
>>
>> "If you're an academic researcher doing work in this space, I would LOVE
>> to hear from you!"
>>
>>
>
>

Received on Thursday, 6 September 2018 20:19:39 UTC