Browser makers to give trusted sites a green look

Developers of four of the most widely used Internet browsers have agreed to make a number of changes to their products to make Web browsing a more secure and trustworthy experience.

Among the changes, which were informally agreed to during a recent meeting, are plans to create a new way of informing Web surfers that they are visiting a trusted Web site and major changes to the look of pop-up Windows.

Developers representing the Internet Explorer, Firefox, Opera, and the Konqueror browsers had been discussing ways to combat phishing and improve security in their products for about eight months, but they agreed to the new ideas during a meeting held in Toronto on November 17, according to George Staikos, president of Staikos Computing Services, and a Konqueror developer.

The most noticeable change will be in the way that certain high-profile Web sites are displayed. Developers would like to make the browser's address bar turn green when browsers are visiting popular Web sites like eBay.com or Paypal.com, much in the same way that the Firefox address bar goes yellow and displays a padlock when visiting a secure Web site.

The green address bar will contrast with the red address bar that Internet Explorer (IE) 7's Phishing Filter will display on known and suspected phishing sites.

To make this happen, developers would introduce a new, and as yet undetermined, more rigorous way of creating digital certificates. Digital certificates are a kind of electronic identification card used by Web sites to prove that they are, in fact, who they claim to be. They are issued by "certification authority" companies, including Verisign and EnTrust.

Developers at the Toronto meeting agreed to create a way of making a new type of "high assurance" certificates, said Staikos. "We want to create a stronger identity mechanism for sites that require a stronger identity," he said. "We need to be able to tell the users, 'Yes, you're actually at your bank,' as opposed to, 'You're at a site that looks like it might be your bank and you're using encryption.'"

Current digital certificates are supposed to reassure users, but that trust is undermined by the fact that these certificates can be fraudulently obtained, Staikos said. "There have been organizations in the past that have abused the system," he said. "It's not widespread yet, but we know it's not hard to abuse."

Developers from the Mozilla Foundation, which develops Firefox, and Microsoft Corp. endorsed the concept. "This is pretty much a

theoretical idea at this point, but something that would be interesting from a browser point of view," wrote Mozilla developer Frank Hecker, in an e-mail interview.

"We want to take the experience in the address bar a step further and help create a positive experience for rigorously identified HTTPS (HyperText Transport Protocol Secure) sites," wrote Microsoft developer Rob Franco in a post to Microsoft's Internet Explorer blog.

Franco has posted examples of how these Web sites might appear in the upcoming IE7 browser on the blog (http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx).

In addition to the green background, IE would show the name of the company being visited along with the name of the certificate authority that vouched for the Web site, Franco wrote.