Toward Web Browsers That Make or Break Trust

Modern browsers handle the majority of the workload necessary to communicate securely over the web: encryption of outgoing data, decryption of incoming data, validation of certificates, storage of certificates, maintenance of trusted certificates authority list, etc. However, browsers rely on users to perform (at least) two tasks to support secure communication: recognize encrypted websites and respond to invalid certificates Studies have confirmed that these tasks are unusable users do not notice or do not understand encryption identification mechanisms in browsers and connect to websites with invalid certificates just as they connect to websites with valid certificates