[cap-talk] Update on petname related anti-phishing work at the W3C

Tyler Close tyler.close at gmail.com
Wed Jun 27 19:20:37 EDT 2007


On 6/27/07, Ka-Ping Yee <cap-talk at zesty.ca> wrote:
> On Wed, 27 Jun 2007, Tyler Close wrote:
> > > Is the bottom of the browser window the best place for the tool?  I'm
> > > concerned that the user's attention will be closer to the top of the
> > > page.
> >
> > You're probably right, but the top of the page is a cesspool from a
> > security point of view. All of the widgets there are displaying
> > messages from the attacker.
>
> I'm not so sure that the bottom is better -- neither the top nor bottom
> are "clean" areas from a security point of view.  The top contains the
> toolbar buttons (which have to be trustworthy) and the URL field (which
> is partly trustworthy, i.e. it must be accurate but can be influenced
> to make it misleading).  The bottom contains the status bar, which
> shows a mix of messages from the browser, the HTML, and JavaScript code.

That's why the proposal explicitly says it's replacing the status bar.
Safari has already gotten rid of it and Konqueror is following. I'm
hoping the others will go along as well.

Tyler

-- 
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/firefox/957/

