Trustmark: Difference between revisions
Jump to navigation
Jump to search
m (→Context) |
|||
| Line 4: | Line 4: | ||
The internet is currently a cesspool of malcontents and criminals that is little different from the wild west of the US in 1870. | The internet is currently a cesspool of malcontents and criminals that is little different from the wild west of the US in 1870. | ||
The goals of this effort | The goals of this effort are to enable: | ||
#The user can unambiguously determine the real-world identity of any web site that has any pretense to be trustworthy. | #The user can unambiguously determine the real-world identity of any web site that has any pretense to be trustworthy. | ||
#The user knows the context that the site operates by the federation(s) to which the site has subscribed. | #The user knows the context that the site operates by the federation(s) to which the site has subscribed. | ||
Revision as of 16:07, 31 October 2018
Full Title
The purpose of a Trustmark is to give the users of a web site sufficient information to make an informed decision about whether the site is trustworthy.
Context
The internet is currently a cesspool of malcontents and criminals that is little different from the wild west of the US in 1870.
The goals of this effort are to enable:
- The user can unambiguously determine the real-world identity of any web site that has any pretense to be trustworthy.
- The user knows the context that the site operates by the federation(s) to which the site has subscribed.
- The user can clearly determine the purpose of the web site, especially in regard to the intent of the site to use their personal information.
- The user can stipulate their own conditions on which they are willing to interoperate with the site.
Problems
- Users do not pay attention to existing Trustmarks.
- Existing Trustmarks are trivial to copy on sites that are not trusted.
- Web site URLs can be spoofed as a result of the many alphabets that are now supported on the web.
Solution
The following are the current characteristics of the new Trustmark:
- The mark is cryptographically bound to an Identifier of the current web site which is linked to, but not the same as, its URL.
- The Identifier of the site has a signed certificate of membership in the framework that issued the Trustmark.
- The companies that report on web site safety (Microsoft, Google, Apple, etc.) are informed of the conditions under which the Trustmark is issued.
- The W3C is encouraged to standardize on the method to validate Trustmarks and encourages members to mark any misuse of the mark as unsafe.
- Kantara proselytizes not only the adoption of the W3C rules, but actively recruits sites to prominently feature the Trustmark and its benefits to users.
Possible implementation details
- The Trustmark will be included in an <img> element with a tag that can be recognized by the browser as indicative of a Trustmark.
- At competition of page load browsers will check for the tag so that they can run a check on the cryptographic binding of the mark.
- If the check fails two events will occur, the header of the browser will flag the site as unsafe, a message will be sent by the browser to any user authorized malware checker.
References and Coordination
- Much more detail is on the page Trustmark Evolving Design Pattern, which may not be fully up-to-date.
- This page is dedicated to collecting information about Trust in a digital environment.