[19033] in cryptography@c2.net mail archive
`Identified by` technique of TrustBar adopted by IE, other
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Wed Nov 30 10:47:26 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 24 Nov 2005 11:58:40 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
Reply-To: herzbea@macs.biu.ac.il
To: Research on current Internet anti-fraud techniques <anti-fraud@lists.cacert.org>,
"'Cryptography'" <cryptography@metzdowd.com>
IE 7 implements some of TrustBar and FF improvements to security
indicators. Specifically, they now color-code the location bar and
added, in SSL/TLS pages, the name of the site and the `Identified by`
<name of CA> - like TrustBar.
They do not yet implement some of our other mechanisms, including the
petnaming (allowing users to select their own name or logo which will be
automatically displayed on entering a specific site), and the `random
training exercise attacks`. OTOH, at least regarding the last
mechanisms, we definitely agree it is not yet ready for prime time (and
hope soon to provide a better version of it).
Some relevant links:
http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx - IE developer
describing the improved security UI, with some screen shots
http://dot.kde.org/1132619164/ - KDE developer describes a meeting of
developers of four major browsers (IE, FF, Opera, KDE) where they agreed
to adopt these ideas
http://AmirHerzberg.com/TrustBar - my page for info and downloads of
TrustBar... TrustBar is a public domain, open source project.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI:
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages:
http://AmirHerzberg.com/shame
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
