On Tue, Jun 7, 2011 at 2:25 PM, Marsh Ray <ma...@extendedsubset.com> wrote: > I dunno. Seems like more often than not these days it's security taking a > back seat to the user experience. > > For example, Mozilla is removing the status bar and the SSL lock icon along > with it. A perfect opportunity for a phishing site to paint one of their > own. Now they're talking about removing the address bar too.
Agreed. > With every pixel valuable on mobile displays, browsers want to dedicate the > whole frame to the page itself. Consequently, there is no chrome with which > to communicate security information out-of-band, i.e., not under the control > of the web page. FWIW, the webkit-based browser on my phone (an Evo) does give me a way to get to the menu via touch buttons at the bottom of the phone, and thence to the status bar. Think of that as a secure attention sequence (SAS). So, it is possible to have a good UI, even on a button-deprived smartphone. Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography