MIT research on phishing solutions
This NetworkWorld article describes the presentations of some MIT researchers in the areas of wireless networking and phishing. The phishing portion in particular was interesting to me in that it reports,
Given that phishing schemes are so tricky, [MIT Assistant Professor] Miller's team is concentrating its efforts on redesigning browsers so that a user's intentions are clear to them. In other words, if a user wants to go to the site of a certain retailer, the browser would confirm the real URL for the retailer rather than letting the user go to a similar-looking, but bogus site. Key to doing this is improving not just security but usability, as Miller noted that enough roadblocks have already been thrown in front of users -- in the name of security -- when they try to conduct transactions on the Web.
What's noteworthy of course is that this paragraph is a pretty good description of the motivators behind what are code-named High Assurance SSL Certificates. But there's an enormous difference between these two efforts. The researchers are exactly that. When one of the other professors is questioned about the presence of this technology in commercial applications, she "stresse[s] that the work is still in its early stages." On the other hand, High Assurance SSL Certificates are going to be in production on a massive, worldwide scale this year. I'd like to extend an open invitation to Dr. Miller and other members of the computer science academic community to find out about High Assurance SSL to fit it into the work they're doing. Just e-mail the SSL Blog.