[cabfpub] CABForum Teleconference Proposed Topic: Common Browser UI Security Indicators
Kirk Hall
Kirk.Hall at entrustdatacard.com
Mon Jul 17 17:07:43 MST 2017
To my knowledge, a common browser UI has not been discussed in the CAB Forum before (although as I recall, it was always expected that a new EV UI would be created by browsers during the years we were drafting the EV Guidelines in the Forum).
I would point out that the array of browser UIs today is so mixed up that no user can really understand what the UIs mean – see link.
https://casecurity.org/browser-ui-security-indicators/
Plus, these indicators are constantly changing with no apparent guiding theory, so even if you understand the UIs today, you will probably not understand them tomorrow. And there has been no real user education for years. For these reasons, a common UI across browsers (and some stability in design) would be very welcome.
From: cspann at apple.com [mailto:cspann at apple.com]
Sent: Monday, July 17, 2017 4:04 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Mike Reilly (WDG) <Mike.Reilly at microsoft.com>; Nate Santiago <nasantia at microsoft.com>
Subject: [EXTERNAL]Re: [cabfpub] CABForum Teleconference Proposed Topic: Common Browser UI Security Indicators
To clarify, I was requesting to discuss if common browser UI should be discussed at the CAB Forum and if it had been discussed in the past what was the outcome of those discussions. Currently we are not looking to participate in a browser UI working group.
Cheers,
Curt
On Jul 13, 2017, at 11:51 AM, Kirk Hall via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
Sounds good. Our next teleconference is a week from today, and I’ll schedule a block of time.
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Mike Reilly (WDG) via Public
Sent: Thursday, July 13, 2017 11:16 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org<mailto:public at cabforum.org>>
Cc: Nate Santiago <nasantia at microsoft.com<mailto:nasantia at microsoft.com>>
Subject: [EXTERNAL][cabfpub] CABForum Teleconference Proposed Topic: Common Browser UI Security Indicators
Hi Kirk. Curt Spann (Apple) and I would like some time on the next CABF teleconference to talk about coordinating browser UI security indicators for TLS/SSL certs. We have an interest in this area, and would like feedback from other browsers and CAs on the following:
1. Should browsers work toward a common browser UI security indicators related to certificates?
2. With the move to 100% encryption, what indicator should DV, OV, and EV sites receive?
3. Should we set up a new Browser UI Working Group within the Forum under the new governance structure to work on this topic?
Can we block out some time on the next call for this topic? Thanks, Mike
Mike Reilly | Principal PM Lead, Risk Management & Crypto Ecosystem
Windows and Devices Group (WDG) InfoSec
_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170718/bcd24c23/attachment.html>
More information about the Public
mailing list