Fixing the Web Trust Model
Dept. of Computer Science
Bar
Abstract:
Fraud is increasing on the Web at alarming rates. We trace the problem to difficulties with the current web trust model, and suggest improvements in the user interface and simple cryptographic protocols. One difficulty is that only a minority of web sites use SSL/TLS protection, which is essential to provide security (against "Man In The Middle" adversaries). In fact, even sensitive sites and login forms are often not SSL protected. Even if a site is protected, it may use a CA which is untrustworthy. We suggest UI improvements to fix these problems, and to ensure awareness of protection status and the use of trustworthy identification (CA).
Another problem is that identification is currently based on the URL, and users are not cognizant of the structure of URLs and domain names, and do not notice a mismatch between the URL and the identity as claimed in the site. This problem exists for both SSL and non-SSL sites. We suggest the inclusion of a "site identification" field which will identify the site by logo or name, selected by the user ("petname") or by a trusted authority (e.g. CA).
We also discuss some non-SSL solutions, to provide security in situations where SSL is not applicable (e.g. due to overhead). Finally, we explain how browsers can securely present credentials, ratings and "seals" of the sites, e.g. for security, privacy, quality, and other attributes of the site and of a particular page.
An open-source implementation of our ideas is available at http://TrustBar.MozDev.org.