Trustmark: Difference between revisions
m (→Context) |
|||
Line 28: | Line 28: | ||
*At competition of page load browsers will check for the tag so that they can run a check on the cryptographic binding of the mark. | *At competition of page load browsers will check for the tag so that they can run a check on the cryptographic binding of the mark. | ||
*If the check fails two events will occur, the header of the browser will flag the site as unsafe, a message will be sent by the browser to any user authorized malware checker. | *If the check fails two events will occur, the header of the browser will flag the site as unsafe, a message will be sent by the browser to any user authorized malware checker. | ||
*A new schema is developed for trusted web site [[Identifiers]]s, e.g. tid:// or just tid: similar to the did:. | |||
==References and Coordination== | ==References and Coordination== | ||
*Much more detail is on the page [[Trustmark Evolving Design Pattern]], which may not be fully up-to-date. | *Much more detail is on the page [[Trustmark Evolving Design Pattern]], which may not be fully up-to-date. | ||
*[https://tcwiki.azurewebsites.net/index.php?title=Trust This page] is dedicated to collecting information about Trust in a digital environment. | *[https://tcwiki.azurewebsites.net/index.php?title=Trust This page] is dedicated to collecting information about Trust in a digital environment. |
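Review bot: In the tid: bullet, the one line that differs between the two revisions, the markup "[[Identifiers]]s" appends a plural "s" to a link target that is already plural, so the rendered text reads "Identifierss"; drop the trailing "s". The bullet also introduces tid: without saying who issues such an Identifier or how it is linked to the site's URL, which the binding check in the two bullets above it depends on, so a sentence or a link covering that would help. In the unchanged context, "At competition of page load" should read "completion".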
Revision as of 16:19, 31 October 2018
Full Title
The purpose of a Trustmark is to give the users of a web site sufficient information to make an informed decision about whether the site is trustworthy.
Context
The internet is currently a cesspool of malcontents and criminals that is little different from the wild west of the US in 1870.
The goals of this effort are to ensure that:
- The user can unambiguously determine the real-world identity of any web site that has any pretense to be trustworthy.
- The user knows the context in which the site operates from the federation(s) to which the site has subscribed.
- The user can clearly determine the purpose of the web site, especially in regard to the intent of the site to use their personal information.
- The user can stipulate their own conditions on which they are willing to interoperate with the site.
Problems
- Users do not pay attention to existing Trustmarks.
- Existing Trustmarks are trivial to copy on sites that are not trusted.
- Web site URLs can be spoofed as a result of the many alphabets that are now supported on the web.
Solution
The following are the current characteristics of the new Trustmark:
- The mark is cryptographically bound to an Identifier of the current web site which is linked to, but not the same as, its URL.
- The Identifier of the site has a signed certificate of membership in the framework that issued the Trustmark.
- The companies that report on web site safety (Microsoft, Google, Apple, etc.) are informed of the conditions under which the Trustmark is issued.
- The W3C is encouraged to standardize on the method to validate Trustmarks and to encourage members to mark any misuse of the mark as unsafe.
- Kantara not only proselytizes the adoption of the W3C rules, but also actively recruits sites to prominently feature the Trustmark and its benefits to users.
Possible implementation details
- The Trustmark will be included in an <img> element with a tag that can be recognized by the browser as indicative of a Trustmark.
- At completion of page load, browsers will check for the tag so that they can run a check on the cryptographic binding of the mark.
- If the check fails, two events will occur: the header of the browser will flag the site as unsafe, and a message will be sent by the browser to any user-authorized malware checker.
- A new schema is developed for trusted web site Identifiers, e.g. tid:// or just tid:, similar to did:.
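A sketch of the browser-side check the list above describes, showing why a mark copied to another site fails; it is an added example, not code from this wiki or from Kantara. The signed statement format, the field names, the `tid:` value, the Ed25519 key and the action names are all assumptions, and the sample data is constructed.

```javascript
// Added illustration: the statement format and every field name are assumptions.
const crypto = require('node:crypto');

// Constructed framework (issuer) key pair; a browser would hold only the public key.
const framework = crypto.generateKeyPairSync('ed25519');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Canonical bytes the framework signs: site Identifier, linked origin, mark digest.
const statementBytes = (s) =>
  Buffer.from(JSON.stringify([s.tid, s.origin, s.markDigest]));

// Framework side: issue a membership statement binding the mark to the site.
function issueTrustmark(tid, origin, markImage) {
  const statement = { tid, origin, markDigest: sha256(markImage) };
  const signature = crypto
    .sign(null, statementBytes(statement), framework.privateKey)
    .toString('base64');
  return { statement, signature };
}

// Browser side, run once the page has finished loading.
function checkTrustmark(pageOrigin, markImage, mark, frameworkPublicKey) {
  const failures = [];
  const sigOk = crypto.verify(null, statementBytes(mark.statement),
    frameworkPublicKey, Buffer.from(mark.signature, 'base64'));
  if (!sigOk) failures.push('signature');
  if (mark.statement.origin !== pageOrigin) failures.push('origin');
  if (mark.statement.markDigest !== sha256(markImage)) failures.push('image');
  // On failure the page describes two events: flag the site, notify the checker.
  return failures.length === 0
    ? { trusted: true, failures, actions: [] }
    : { trusted: false, failures, actions: ['flag-unsafe', 'report-to-malware-checker'] };
}

// Constructed sample data (hypothetical tid: syntax and origins).
const markImage = Buffer.from('constructed-trustmark-image-bytes');
const issued = issueTrustmark('tid:example-framework:site-1', 'https://shop.example', markImage);

const genuine = checkTrustmark('https://shop.example', markImage, issued, framework.publicKey);
// The same image and signed statement served from a look-alike origin.
const copied = checkTrustmark('https://sh0p.example', markImage, issued, framework.publicKey);
// A statement edited to name the look-alike origin no longer verifies.
const forged = checkTrustmark('https://sh0p.example', markImage,
  { ...issued, statement: { ...issued.statement, origin: 'https://sh0p.example' } },
  framework.publicKey);

console.log(genuine, copied, forged);
```

The copied mark fails on the origin comparison and the edited one on the signature, which is the property a plain image Trustmark lacks.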
References and Coordination
- Much more detail is on the page Trustmark Evolving Design Pattern, which may not be fully up-to-date.
- This page is dedicated to collecting information about Trust in a digital environment.