Paper summarizing new directions in protecting web users

Amir Herzberg herzbea at
Mon Mar 6 10:59:52 EST 2006

I've summarized the current directions that our group is working on
towards improving security for web users. I'll probably soon post it as
HTML, but I'm terribly busy and so far just posted it in eCrypt as PDF,
see at

We hope to soon be able to provide more details and working extension(s)
implementing these ideas - we are working on these. We would love your
feedback, and look forward to cooperate with _any_ browser vendor, or
security company (anti-virus, CA, etc.) that is interested in pursuing
these exciting opportunities.

Abstract. We describe the current state of web security, and identify
the main problems. We then present proposals for improvements,
including: secure site identification widget; secure and convenient
`single click logon`; improved validation certificates; and using
public-key signatures and automated resolutions and penalties, to defend
against malicious content including malware.

I'll appreciate your comments, suggestions and corrections.

BTW: I'll be in NYC all of next week, for the W3C Workshop on
Transparency and Usability of Web Authentication; in particular I'll
visit (and present) in Columbia univ. this Friday and in IBM Watson on
next Tuesday - so if any of you are around, I'll love to see you.
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
Try TrustBar - improved browser security UI:
Visit my Hall Of Shame of Unprotected Login pages:

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list