Fixing the Web Trust Model
Dept. of Computer Science
Fraud is increasing on the Web at alarming rates. We trace the problem to difficulties with the current web trust model, and suggest improvements in user interface and simple cryptographic protocols. One difficulty is that only a minority of web sites use SSL/TLS protection, which is essential to provide security (against "Man In The Middle" adversaries). In fact, even sensitive sites and login forms are often not SSL protected. Even if a site is protected, it may use a CA which is untrustworthy. We suggest UI improvements to fix these problems, and to ensure awareness of protection status and the use of trustworthy identification (CA).
Another problem is that identification is currently based on the URL; users are not cognizant of the structure of URLs and domain names, and do not notice a mismatch between the URL and the identity as claimed in the site. This problem exists for both SSL and non-SSL sites. We suggest the inclusion of a "site identification" field which will identify the site by logo or name, selected by the user ("petname") or by a trusted authority (e.g. CA).
We also discuss some non-SSL solutions, to provide security in situations where SSL is not applicable (e.g. due to overhead). Finally, we explain how browsers can securely present credentials, ratings and "seals" of sites, e.g. for security, privacy, quality, and other attributes of the site and of a particular page.
An open-source implementation of our ideas is available at http://TrustBar.MozDev.org.