User talk:Mstone/Rainflow: Difference between revisions

From OLPC
Jump to navigation Jump to search
mNo edit summary
mNo edit summary
 
Line 6: Line 6:


-- Sascha Silbe
-- Sascha Silbe

=== Questions ===

SSL and browsers as they are used today.

What's the interesting evidence?

* cjb points out: attestations about country of origin are helpful for anti-phishing efforts because some countries' providers are much more responsive to complaints than others'.

What's the ceremony?

What business opportunities does Rainflow offer?

* (e.g. greater brand visibility to trustworthy attesters)?



=== Other Ideas ===
=== Other Ideas ===

Latest revision as of 00:32, 24 June 2009

Peer review Activity

Instead of making it a pure "security" activity (that "just gets into the way" like any security stuff and thus will be circumvented) it might be better to use a peer review approach, helping both the author and the peers to learn (about security etc.) while doing the certification.

A shared "source browser" with highlighting/bookmarks and chat might be a good start.

-- Sascha Silbe

Questions

SSL and browsers as they are used today.

What's the interesting evidence?

  • cjb points out: attestations about country of origin are helpful for anti-phishing efforts because some countries' providers are much more responsive to complaints than others'.

What's the ceremony?

What business opportunities does Rainflow offer?

  • (e.g. greater brand visibility to trustworthy attesters)?


Other Ideas

  • Do what is safe; prompt for unsafe things.
  • So what about that covert channel in CSS for detecting what sites you've visited?
  • Cards (business, credit, ...) and statements need to start carrying fingerprints and barcodes.
    • Then I can compare my cards with other people's.
  • The key lies in encouraging people to commit to things that are easier for legitimates to do than for impostors. Repeated application of this principle gives hardness amplification.
  • So how does this play into REST? and sessions?
  • Also, how about search and browsing?
    • Perhaps people have templates that describe what kinds of data they're looking for?
  • Why did sshkeys.net fail?

Examples

  • Paul's geodata example
  • Automated scans of machines and software.
  • CAcert assurers
  • PGP key signings
  • "User clicks" vs. auto-updates