User talk:Mstone/Rainflow: Difference between revisions

From OLPC
m (New page: === Peer review Activity === Instead of making it a pure "security" activity (that "just gets into the way" like any security stuff and thus will be circumvented) it might be better to us...)
 
m (No edit summary)
 
(One intermediate revision by the same user not shown)
Latest revision as of 00:32, 24 June 2009

Peer review Activity

Instead of making it a pure "security" activity (that "just gets in the way" like any security stuff and thus will be circumvented) it might be better to use a peer review approach, helping both the author and the peers to learn (about security etc.) while doing the certification.

A shared "source browser" with highlighting/bookmarks and chat might be a good start.

-- Sascha Silbe

Questions

SSL and browsers as they are used today.

What's the interesting evidence?

  • cjb points out: attestations about country of origin are helpful for anti-phishing efforts because some countries' providers are much more responsive to complaints than others'.

What's the ceremony?

What business opportunities does Rainflow offer?

  • (e.g. greater brand visibility to trustworthy attesters)?


Other Ideas

  • Do what is safe; prompt for unsafe things.
  • So what about that covert channel in CSS for detecting what sites you've visited?
  • Cards (business, credit, ...) and statements need to start carrying fingerprints and barcodes.
    • Then I can compare my cards with other people's.
  • The key lies in encouraging people to commit to things that are easier for legitimate parties to do than for impostors. Repeated application of this principle gives hardness amplification.
  • So how does this play into REST and sessions?
  • Also, how about search and browsing?
    • Perhaps people have templates that describe what kinds of data they're looking for?
  • Why did sshkeys.net fail?

Examples

  • Paul's geodata example
  • Automated scans of machines and software.
  • CAcert assurers
  • PGP key signings
  • "User clicks" vs. auto-updates