20061021

W3C Launches Secure Browsing Initiative

Link

The W3C has begun a Secure Browsing Initiative.

The goal of this Working Group is to enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web; e.g., giving up passwords or other sensitive information to possibly malicious sites.
I think this is a step in the right direction, since I'm being educated over and over again that user education is futile. Evidently, my three rules for using the internet (which might even be amended to just two) won't go over as well as some technology to help the user out.

Most of the charter is focused around identification of the target site - means of making it easier for the end user to understand what they're looking at and easier for the user to determine if the site is who they believe it to be. With things like Akamai and very large sites having many certs, something like this may be easier to deal with for end users than my recommendation of deleting all your root certs.

So here I am - fessing up that user education, while 100% effective to those who choose to be educated, doesn't go as far as some technology. I hope that this really gets some steam. The timeline is VERY aggressive - a final recommendation is scheduled of Q2 2008, but W3C recommendations usually become implemented by technology during the early working drafts.

0 comments: