Which leads me back to one of my original proposals to actually improve the whole UI related to certification and provide an easy, but effective way to display the most important information, especially the subject line, by mouse over or one click on the padlock! This would provide better support of ALL types of certificates, since also low assurance certificates will not disappear. But other well validated certificates are going to exist and EV certificates are only one of them. Important information is usually included within the subject line and it should be easy for the user to reach this information!


Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390

Michael Lefevre wrote:
On 2007-01-29, Gervase Markham <[EMAIL PROTECTED]> wrote:
dolphinling wrote:
"The study, based on user testing, found that EV certificates don't improve users' ability to detect attacks, that the interface can be spoofed, and that training users actually decreases their ability to detect attacks."
What that actually means is that the study found that the Internet Explorer EV UI (the green bar) doesn't improve users' ability to detect attacks.

Indeed. But from what I've seen discussed so far though, the proposed
Firefox EV UI would be similar.  The picture-in-picture spoofs were highly
effective - it doesn't really matter what the security UI does or looks
like if it can be approximated by a web page.

There was also the finding that the user training actually made people
much more trusting of the spoof sites.  After being told about phishing
protection, people assumed that they could trust anything without a
phishing warning.  I don't see how that problem would be different for


dev-security mailing list