I've summarized the current directions that our group is working on towards improving security for web users. I'll probably soon post it as HTML, but I'm terribly busy and so far just posted it in eCrypt as PDF, see at http://eprint.iacr.org/2006/083.pdf.
We hope to soon be able to provide more details and working extension(s) implementing these ideas - we are working on these. We would love your feedback, and look forward to cooperating with _any_ browser vendor, or security company (anti-virus, CA, etc.) that is interested in pursuing these exciting opportunities.

Abstract. We describe the current state of web security, and identify the main problems. We then present proposals for improvements, including: secure site identification widget; secure and convenient "single click logon"; improved validation certificates; and using public-key signatures and automated resolutions and penalties, to defend against malicious content including malware.

I'll appreciate your comments, suggestions and corrections.

BTW: I'll be in NYC all of next week, for the W3C Workshop on Transparency and Usability of Web Authentication; in particular I'll visit (and present) in Columbia univ. this Friday and in IBM Watson next Tuesday - so if any of you are around, I'd love to see you.

--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com

Try TrustBar - improved browser security UI: http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame