FSTC BMA Browser Recommendations
Below are some of the FSTC recommendations that are applicable to the Safe Browsing Mode and that are within the scope of WSC.
Stronger UI
A stronger UI makes it very clear whether or not the user is visiting a "legitimate" site (see below for further discussion of what constitutes legitimacy), and requires explicit user action (e.g. overriding a warning) to visit a site that is questionable. The enhanced UI will go well beyond the existing locked padlock icon and display strong indicators that:
- The communications channel is "adequately secure" (i.e. that the encryption technique and cipher strength meet policy guidelines)
- The site is who it claims to be (i.e. the information presented by the site corresponds to identifying information contained within the site's certificate)
- The site's certificate is certified by a "strong" certification hierarchy, whose roots are a small subset of the root CAs distributed with the browser, and whose certification policies are developed by the financial services industry
Status indicators:
- Make it easy to view and understand the contents of a server cert
- Make error messages related to revoked and expired certs clear and actionable
- Display a warning when a hostname is resolved via the local HOSTS file instead of DNS
- Show [security context] in all modes including full screen
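The hosts-file warning in the list above can be backed by a check like the following. This is an added example, not part of the FSTC recommendations; the function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file content (not taken from the original page).
SAMPLE_HOSTS = """\
# Constructed example
127.0.0.1   localhost
::1         localhost ip6-localhost
203.0.113.7 www.examplebank.test  ExampleBank.test   # local override
not-an-ip   broken.example.test
198.51.100.9
"""

def parse_hosts(text):
    """Return {hostname: [ip, ...]} for every well-formed entry in hosts-file text."""
    overrides = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        fields = line.split()
        if len(fields) < 2:                     # blank line, or address with no name
            continue
        addr = fields[0].split("%", 1)[0]       # strip an IPv6 zone id (fe80::1%eth0)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                            # skip lines with a malformed address
        for name in fields[1:]:                 # one address may carry several aliases
            key = name.rstrip(".").lower()      # hostnames compare case-insensitively
            overrides.setdefault(key, []).append(str(ip))
    return overrides

def hosts_override(hostname, hosts_text):
    """Return the addresses the hosts file assigns to hostname, or [] if none."""
    return parse_hosts(hosts_text).get(hostname.rstrip(".").lower(), [])

def warning_for(hostname, hosts_text):
    """Return warning text for the UI, or None when the name is not overridden."""
    ips = hosts_override(hostname, hosts_text)
    if not ips:
        return None
    return (f"{hostname} is resolved from the local hosts file "
            f"({', '.join(ips)}) instead of DNS.")

if __name__ == "__main__":
    for host in ("www.examplebank.test", "other.test"):
        print(host, "->", warning_for(host, SAMPLE_HOSTS))
```

On a real system the text would be read from `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`.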
Processes:
- Make UI for adding new root CA more understandable
- Make process for requesting and installing certs/keys easy and seamless
Strengthen Browser against Local Attack:
- Make it impossible for client scripts, controls, add-ons, or plugins to alter address bar or [security context displays]
Local browser-based defense against spoofed sites:
- Checking for server cert revocation on by default
- Block https access when hostnames in the server cert and URL don't match. No confusing dialog box
- Block https access when server cert not issued by a trusted RCA. No confusing dialog box
- Don't give users the option to disable cert revocation or expiration checks
• Logo images can be attached to SSL certificates using the logographic extensions to X.509 described in IETF RFC 3709. Logos can be optionally attached for the issuer (the CA), the subject (the web site or domain), and the community to which the issuer or subject belongs.
Certificate logos play a similar role to favicons. Although web browsers will typically display them somewhat differently, both appear as site identifying images in chrome.
Unlike favicons, however, certificate logos are cryptographically protected from tampering or forgery. And when tied to a well-vetted certificate, they can be traced back to a real-life entity outside of cyberspace. The latter is important because it allows legal recourse to be taken if an entity displays a logo in violation of trademarks or contractual agreements.
Certificate logos can be used safely if our recommendations are followed:
• Web agents should only display subject or community logos for high grade SSL certificates (such as EV) that require thorough requester vetting outside cyberspace.
• CAs who issue high grade SSL certificates (such as EV) ought to remind requesters that logographic imagery is subject to trademark laws and that the requester is responsible for ensuring the logo they supply to the RA is (a) legal for use in all countries and (b) visually distinguishable from other logos.
• In support of (b) above, sites should follow basic principles of sound logo design: use the company name (text) in addition to imagery; don't rely on color to distinguish one company's logo from another (for color-blind users); etc.