On Mon, Dec 11, 2017 at 6:31 PM Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> What I dislike about this particular rationale is that I presupposes we > should architect web security such as to avoid enhancements which have > value to anyone the least common denominator. > > Is the average user (actually, the bottom rung of the concentration of > values around the average, I suppose) the only user our interfaces should > target? Yes. If something is not valuable for billions of users, if it is not trustworthy for billions of users, it should not occupy the cognitive or visual model billions of users rely on. > > On Mon, Dec 11, 2017 at 5:21 PM, Hanno Böck via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > > > I support the removal of special treatments and UI for EV > > certificates. > > > > Rationale: I believe plenty of security research shows that it is > > incredibly hard to communicate security indicators to users. If you ask > > average users about the meaning of green locks, green URL bars or > > anything else they will usually not know what it means. > > > > > What I dislike about this particular rationale is that it presupposes that > we should architect web security such as to avoid enhancements which have > value to anyone beyond the least common denominator. > > Is the average user (actually, the bottom rung of the concentration of > values around the average, I suppose) the only user our interfaces should > target? > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
