Ian G <i...@systemics.com> writes:

>If one is trying to solve the whole thing, then using the much-commented
>secure-bookmarks model would do this. Within the secure bookmark, record the
>user's certificate and cache enough info on the server's cert to deal with
>replacements (like, cert, name, CA).

There's a variant of this, the site-specific browser (SSB), that takes you to (for example) your bank in a strongly sandboxed, hardened environment. This reduces the cognitive load on the user from a more or less impossible-to-follow set of instructions to "only ever do your banking by clicking on this desktop icon". This isn't by any means a general solution, but by solving for the most common cases (your bank, Paypal, eBay, Amazon) you'd address a fairly large chunk of the problem. See "Breaking out of the Browser to Defend Against Phishing Attacks" by Smetters and Stewart for more details on this.

>Others have suggested some ideas, so I'll just add: the problem isn't IMO
>how to do it. There are lots of good ideas.

Actually that does point out one problem, which I alluded to in my previous post: we have lots and lots of good ideas, but little hard data to indicate which ones will work and which won't, or which ones work better than others (although the cynical response to this might be that almost anything would work better than what we've got now). Specifically, there are a pile of papers along the lines of "here's an experiment showing that what we're doing now doesn't work, here's a completely new security mechanism we've invented that involves redesigning the browser and server authentication back-end, and as a side-effect here are some UI ideas to go with it". What we don't have however is "here's a real-world evaluation of various ideas that have been proposed for fixing what we already have built into browsers and servers". Unfortunately without this data we (including myself) are to some extent just "people wanking around with their opinions" [0].

It's also not certain how such data would be published. Which journal or conference would accept a paper with no "new ideas" in it, just a straightforward evaluation of existing material?

Peter.

[0] A Linus quote, brought about by a discussion on the difference between OS scheduler design and security design: "the *discussion* on security seems to never get down to real numbers. So the difference between them is simple: one is 'hard science'. The other one is 'people wanking around with their opinions'".

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com