[cabfpub] Chrome security warning discrepancy?

Tony Rutkowski tony at yaanatech.com
Mon Jan 26 20:31:27 UTC 2015


As a few of the CAB old boys know,  I spent several
years running the cybersecurity group in ITU-T where
I evangelized the Forum's work, rewrote the original
spec to meet international standards formatting requirements
and even included the EVcert spec as a significant component
of the cybersecurity framework in X.1500.  Part of that
evangelization included the Forum doing what is now
being discussed.

So it's commendable that the Forum is proceeding, and it
should just do it.  It is the right international body for any
number of reasons, and will be widely recognized.  No one
is going to do the job for you.

The only comparable effort I've seen is the Traffic
Light Protocol as a cybersecurity information sensitivity
indicator.  That was originally advanced by the UK
government and has now been picked up by most
of the national CERTs.

On 2015-01-26 2:05 PM, Dean Coclin wrote:
> I don’t think Ben meant to be literal in his comment, but rather was 
> pointing out that it would be useful for consumers and end users to be 
> able to use different browsers and see similar and consistent warning 
> information, similar to international traffic signs. We all know what 
> a red octagon means even though in Puerto Rico it says, “Pare”. When 
> we see it, we put our foot on the brake.  Could similar behavior be 
> ingrained in end users if all browsers had consistent security signs? 
> Perhaps more study is necessary.
>
> As some of you know, the forum has never been able to place 
> requirements on browsers, yet the opposite is true.
>
> Dean
>
> *From:* Tony Rutkowski [mailto:tony at yaanatech.com]
> *Sent:* Monday, January 26, 2015 10:58 AM
> *To:* Ben Wilson; Stephen Davidson; Dean Coclin; CABFPub 
> (public at cabforum.org)
> *Subject:* Re: [cabfpub] Chrome security warning discrepancy?
>
> No!
> You want a widely accepted industry specification,
> and this is exactly what the CA/B Forum exists for.
> If you look at the RSS Convention, it was done in
> 1968.  There appear to be only a few dozen signatories
> with many notable omissions.  Similarly, few nations
> even participate in the related body.
> For a browser security indicator, you couldn't even
> begin to get Nation States to discuss a subject
> that plainly is not properly a subject of public
> international law.
> The Forum should be pursuing and evangelizing
> its own work here rather than fantasizing over
> treaties.
>
> --tony, esq.
>
> On 2015-01-25 10:25 AM, Ben Wilson wrote:
>     Time for an international treaty on browser security indicators?
>     See
>     http://en.wikipedia.org/wiki/Vienna_Convention_on_Road_Signs_and_Signals#Traffic_lights.
