IE开发组的Blog
来源:百度文库 编辑:神马文学网 时间:2024/04/27 23:14:06
Monday, November 21, 2005 4:56 PM
Better Website Identification and Extended Validation Certificates in IE7 and Other Browsers
Today I want to tell you about both our established plan to highlight secure sites in IE7 but also to tell you about some early thinking in the industry about creating stronger standards for identity on the internet.
IE7 will join other browsers like Firefox, Opera and Konqueror in making the experience for secure (HTTPS) sites more visible by moving the lock icon into the address bar. We think the address bar is also important for users to see in pop-up windows. A missing address bar creates a chance for a fraudster to forge an address of their own. To help thwart that, IE7 will show the address bar on all internet windows to help users see where they are. IE7 will also help users avoid fraudulent sites if users choose to use the Phishing Filter to check a site for known phishing activity.
Today the lock icon in your browser window fundamentally means that your traffic with the website is encrypted, and that a trusted third party, known as a Certification Authority, has identified the website. Certification Authorities offer certificates with broadly different levels of background checking for the website. Unfortunately, there is no industry standard method for anyone to tell what level of background checking was performed for a given site.
On Wednesday, we met with folks from other browser vendors including Mozilla (which is the basis of Firefox), Opera and Konqueror to discuss this situation (other browser vendors were invited but weren’t able to attend). George Staikos from Konqueror was good enough to host all of us in Toronto. Along with picking up the tab for lunch, George brewed coffee strong enough to bring weary travelers from Oslo and Redmond into the same time zone. Microsoft and others in the group think our users should have a better experience when they visit a website that passed a more rigorous identification process.
As a counter-example to how we might handle highly-identified sites, I presented the IE7 Anti-Phishing User Experience for known phishing and suspected phishing sites. The Phishing Filter shows warnings to users when it detects a site that might be trying to misrepresent its identity.
When the Phishing Filter is in use, IE will fill the address bar with red for known phishing sites (Fig 1) and with yellow for suspected phishing sites (Fig 2). In both cases, the address bar will include text that explains that the user should effectively either “stop” or proceed with “caution”. In IE7, most normal sites including those with “the lock” today will not have a color-filled address bar.
Fig 1, IE7 address bar for a known phishing website detected by the Phishing Filter
_xyz
Better Website Identification and Extended Validation Certificates in IE7 and Other Browsers
Today I want to tell you about both our established plan to highlight secure sites in IE7 but also to tell you about some early thinking in the industry about creating stronger standards for identity on the internet.
IE7 will join other browsers like Firefox, Opera and Konqueror in making the experience for secure (HTTPS) sites more visible by moving the lock icon into the address bar. We think the address bar is also important for users to see in pop-up windows. A missing address bar creates a chance for a fraudster to forge an address of their own. To help thwart that, IE7 will show the address bar on all internet windows to help users see where they are. IE7 will also help users avoid fraudulent sites if users choose to use the Phishing Filter to check a site for known phishing activity.
Today the lock icon in your browser window fundamentally means that your traffic with the website is encrypted, and that a trusted third party, known as a Certification Authority, has identified the website. Certification Authorities offer certificates with broadly different levels of background checking for the website. Unfortunately, there is no industry standard method for anyone to tell what level of background checking was performed for a given site.
On Wednesday, we met with folks from other browser vendors including Mozilla (which is the basis of Firefox), Opera and Konqueror to discuss this situation (other browser vendors were invited but weren’t able to attend). George Staikos from Konqueror was good enough to host all of us in Toronto. Along with picking up the tab for lunch, George brewed coffee strong enough to bring weary travelers from Oslo and Redmond into the same time zone. Microsoft and others in the group think our users should have a better experience when they visit a website that passed a more rigorous identification process.
As a counter-example to how we might handle highly-identified sites, I presented the IE7 Anti-Phishing User Experience for known phishing and suspected phishing sites. The Phishing Filter shows warnings to users when it detects a site that might be trying to misrepresent its identity.
When the Phishing Filter is in use, IE will fill the address bar with red for known phishing sites (Fig 1) and with yellow for suspected phishing sites (Fig 2). In both cases, the address bar will include text that explains that the user should effectively either “stop” or proceed with “caution”. In IE7, most normal sites including those with “the lock” today will not have a color-filled address bar.
Fig 1, IE7 address bar for a known phishing website detected by the Phishing Filter
_xyz
IE开发组的Blog
Tinyfool的开发日记(blog)
开发Blog需注意的Blog基本特征和功能要素
浏览器的定制与扩展 - IE编程 - vc++ c++ c 程序开发(vc学习园地
IE 8 Accelerator加速器开发介绍
[IE编程] IE网页截图技术总结 - IE编程, 浏览器开发, HTML5 - CSDN...
取IE的url
高层次IE的思考
IE进程的恢复
IE的优化设置
IE的作用
IE故障的解决办法
IE浏览器的使用方法
IE 控件一些高级使用方法 - IE编程 - vc++ c++ c 程序开发(vc学习园地
车东[Blog^2]: 3年前的旧文:让你免于失业的十项开发技术
赵翼的诗与西太湖开发--千里冰封的blog
vitter‘s blog: [原创]windows下用openssh、ant、vss控制java项目的代码开发
Kermit’s Gossip ? Blog Archive ? 对嵌入式开发的一点思考
CSDN移动应用频道 ? Blog Archive ? [下载]网友推荐的Symbian开发入门级教程
struts开发 实践—实用小贴士 -- 我的blog -- [北方博客]
Dreamweaver扩展(插件)的开发 - CNBRUCE‘S BLOG(布鲁斯狼) /// 专注WEB技术,关注生活点滴
STM32开发板上音频播放程序的设计之二 -- nthq2004's Blog
双核处理器ARM+DSP如何实现协同工作 - 嵌入式ARM-Wince开发的blog | ...
软件开发组的团队精神