Browser makers to give trusted sites a green look

IDG News Service - Developers of four of the most widely used Internet browsers have agreed to make a number of changes to their products to make Web browsing a more secure and trustworthy experience.

Among the changes, which were informally agreed to during a recent meeting, are plans to create a new way of informing Web surfers that they are visiting a trusted Web site and major changes to the look of pop-up windows.

Developers representing the Internet Explorer, Firefox, Opera and the Konqueror browsers had been discussing ways to combat phishing and improve security in their products for about eight months, but they agreed to the new ideas during a meeting held in Toronto on Nov. 17, according to George Staikos, president of Staikos Computing Services Inc., and a Konqueror developer.

The most noticeable change will be in the way that certain high-profile Web sites are displayed. Developers would like to make the browser's address bar turn green when browsers are visiting popular Web sites like eBay or PayPal, much in the same way that the Firefox address bar goes yellow and displays a padlock when visiting a secure Web site.

The green address bar will contrast with the red address bar that Internet Explorer 7's Phishing Filter will display on known and suspected phishing sites.

To make this happen, developers would introduce a new, and as yet undetermined, more rigorous way of creating digital certificates. Digital certificates are a kind of electronic identification card used by Web sites to prove that they are, in fact, who they claim to be. They are issued by "certification authority" companies, including VeriSign Inc. and EnTrust Inc.

Developers at the Toronto meeting agreed to create a way of making a new type of "high assurance" certificates, said Staikos. "We want to create a stronger identity mechanism for sites that require a stronger identity. We need to be able to tell the users, 'Yes, you're actually at your bank,' as opposed to, 'You're at a site that looks like it might be your bank and you're using encryption.'"

Current digital certificates are supposed to reassure users, but that trust is undermined by the fact that these certificates can be fraudulently obtained, Staikos said. "There have been organizations in the past that have abused the system," he said. "It's not widespread yet, but we know it's not hard to abuse."


Developers from the Mozilla Foundation, which develops Firefox, and Microsoft Corp. endorsed the concept. "This is pretty much a theoretical idea at this point, but something that

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.