Trustmark: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 28: Line 28:
*At competition of page load browsers will check for the tag so that they can run a check on the cryptographic binding of the mark.
*At competition of page load browsers will check for the tag so that they can run a check on the cryptographic binding of the mark.
*If the check fails two events will occur, the header of the browser will flag the site as unsafe, a message will be sent by the browser to any user authorized malware checker.
*If the check fails two events will occur, the header of the browser will flag the site as unsafe, a message will be sent by the browser to any user authorized malware checker.
*A new schema is developed for trusted web site [[Identifiers]]s, e.g. tid:// or just tid: similar to the did:.


==References and Coordination==
==References and Coordination==
*Much more detail is on the page [[Trustmark Evolving Design Pattern]], which may not be fully up-to-date.
*Much more detail is on the page [[Trustmark Evolving Design Pattern]], which may not be fully up-to-date.
*[https://tcwiki.azurewebsites.net/index.php?title=Trust This page] is dedicated to collecting information about Trust in a digital environment.
*[https://tcwiki.azurewebsites.net/index.php?title=Trust This page] is dedicated to collecting information about Trust in a digital environment.

Revision as of 16:19, 31 October 2018

Full Title

The purpose of a Trustmark is to give the users of a web site sufficient information to make an informed decision about whether the site is trustworthy.

Context

The internet is currently a cesspool of malcontents and criminals that is little different from the wild west of the US in 1870.

The goals of this effort are to enable:

  1. The user can unambiguously determine the real-world identity of any web site that has any pretense to be trustworthy.
  2. The user knows the context that the site operates by the federation(s) to which the site has subscribed.
  3. The user can clearly determine the purpose of the web site, especially in regard to the intent of the site to use their personal information.
  4. The user can stipulate their own conditions on which they are willing to interoperate with the site.

Problems

  • Users do not pay attention to existing Trustmarks.
  • Existing Trustmarks are trivial to copy on sites that are not trusted.
  • Web site URLs can be spoofed as a result of the many alphabets that are now supported on the web.

Solution

The following are the current characteristics of the new Trustmark:

  1. The mark is cryptographically bound to an Identifier of the current web site which is linked to, but not the same as, its URL.
  2. The Identifier of the site has a signed certificate of membership in the framework that issued the Trustmark.
  3. The companies that report on web site safety (Microsoft, Google, Apple, etc.) are informed of the conditions under which the Trustmark is issued.
  4. The W3C is encouraged to standardize on the method to validate Trustmarks and encourages members to mark any misuse of the mark as unsafe.
  5. Kantara proselytizes not only the adoption of the W3C rules, but actively recruits sites to prominently feature the Trustmark and its benefits to users.

Possible implementation details

  • The Trustmark will be included in an <img> element with a tag that can be recognized by the browser as indicative of a Trustmark.
  • At competition of page load browsers will check for the tag so that they can run a check on the cryptographic binding of the mark.
  • If the check fails two events will occur, the header of the browser will flag the site as unsafe, a message will be sent by the browser to any user authorized malware checker.
  • A new schema is developed for trusted web site Identifierss, e.g. tid:// or just tid: similar to the did:.

References and Coordination