Browser makers to give trusted sites a green look

To fight phishing, Web browser developers would like to introduce a new way of showing Web surfers that they are on trusted Web sites.

Developers of four of the most widely used Internet browsers have agreed to make a number of changes to their products to make Web browsing a more secure and trustworthy experience.

Among the changes, which were informally agreed to during a recent meeting, are plans to create a new way of informing Web surfers that they are visiting a trusted website and major changes to the look of pop-up Windows.

Developers representing the Internet Explorer, Firefox, Opera and the Konqueror browsers had been discussing ways to combat phishing and improve security in their products for about eight months, but they agreed to the new ideas during a meeting held in Toronto on November 17, president of Staikos Computing Services, and a Konqueror developer, George Staikos. said.

The most noticeable change will be in the way that certain high-profile Web sites are displayed. Developers would like to make the browser's address bar turn green when browsers are visiting popular websites such as eBay.com or Paypal.com, much in the same way that the Firefox address bar goes yellow and displays a padlock when visiting a secure website.

The green address bar will contrast with the red address bar that Internet Explorer (IE) 7's Phishing Filter will display on known and suspected phishing sites.

To make this happen, developers would introduce a new, and as yet undetermined, more rigorous way of creating digital certificates. Digital certificates are a kind of electronic identification card used by websites to prove that they are, in fact, who they claim to be. They are issued by certification authority companies, including Verisign and EnTrust.

Developers at the Toronto meeting agreed to create a way of making a new type of high assurance certificates, Staikos said.

"We want to create a stronger identity mechanism for sites that require a stronger identity," he said. "We need to be able to tell the users, 'Yes, you're actually at your bank', as opposed to, 'You're at a site that looks like it might be your bank and you're using encryption.'"

Current digital certificates were supposed to reassure users, but that trust was undermined by the fact that these certificates could be fraudulently obtained, Staikos said.

"There have been organisations in the past that have abused the system," he said. "It's not widespread yet, but we know it's not hard to abuse." Developers from the Mozilla Foundation, which develops Firefox, and Microsoft endorsed the concept.

"This is pretty much a theoretical idea at this point, but something that would be interesting from a browser point of view," wrote Mozilla developer, Frank Hecker, in an email interview.

"We want to take the experience in the address bar a step further and help create a positive experience for rigorously identified HyperText Transport Protocol Secure (HTTPS) sites," wrote Microsoft developer, Rob Franco, in a post to Microsoft's Internet Explorer blog.

Franco has posted examples of how these websites might appear in the upcoming IE7 browser on the blog (http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx).

In addition to the green background, IE would show the name of the company being visited along with the name of the certificate authority that vouched for the website, Franco wrote.

Developers in Toronto also agreed to no longer allow pop-up windows to be displayed without an address bar or a status bar, making it harder for them to be mistaken for other types of Windows messages, Staikos said. "You'll always know that window belongs to a Web browser," he said.

Internet Explorer would adopt this practice in IE7 and, like Firefox, it wouldl show a lock icon in the address bar when it is viewing secure websites, Franco wrote.

There is much work to be done before the new types of certificates will be broadly adopted, but with the idea approved, at least in concept, by the browser makers, Staikos was confident that it would also be picked up as a profitable new product for certificate authorities.

"If we provide a facility for this, I think it would be downright silly for companies not to jump in and start issuing these things," he said.

But it's still going to be awhile before IE or Firefox users are seeing green, he said. "I would not be surprised if it takes at least a year-and-a half."

Join the newsletter!

Error: Please check your email address.

More about eBayEntrustMicrosoftMozillaMozilla FoundationPayPalVeriSign Australia

Show Comments

Market Place

[]