[OpenID] Replacing all browsers isn't as hard as it might seem...

James A. Donald jamesd at echeque.com
Mon Jan 22 18:30:11 UTC 2007

Bob Wyman wrote:
 > The fact that browsers have failed to provide us with
 > the capabilities we need to provide our users with a
 > safe browsing experience cannot be something that we
 > simply accept and try to work around. This situation
 > should be considered a scandal and the press should be
 > filled with articles on the subject. The proper and
 > correct course of action is, I think, to find means to
 > force the browser developers to address better the
 > most critical needs of the market. Too many people
 > have lost too much money, reputation, or time as a
 > result of using browsers built by people who
 > prioritized "pretty" web pages or proprietary
 > interests as being more important than safe browsing.

There are several problems:

1.  People are not agreed, and are not likely to agree,
on the solution to phishing.  So we cannot all agree on
a solution, instead the solutions have to be introduced

2.  Commercial interests are committed to solving the
problem with PKI, which is an already failed solution.

3.  Even if people are agreed, the IETF is moribund, so
we also have bypass the institutions by which internet
wide changes are usually made.

4.  We also want to solve the messaging problem - we not
only need client side code to know who you have a login
relationship with, it needs to examine messages to see
if they come from someone you have a login relationship
with, which probably requires a new messaging
environment - some form of instant messaging, since
people are already accustomed to using the buddy
interface for instant messaging, which stops most spam.
Whitelists and blacklists are central to the IM user
experience, whereas they are just an add on with email

5.  The kind of measures that are required to solve
phishing are off topic for OpenID - and the topic police
are apt to deem them off topic everywhere, since any
proposal is necessarily a major change in the way things
are done.

More information about the general mailing list