On 20/07/12 09:39, Jan Schejbal wrote: > Except for 2010, every year since 2008 has had at least one significant > change to the SSL indicator. This means that each time we finally > managed to teach users what to look for, that changed.
And what we've ended up with now is an indicator that's really hard to see :-( > Training users is hard. Training users to look for SSL indicators is > even harder, as not only do all browsers use different indicators, they > also change all the time. Users trained to ignore locks in the favicon > location (due to spoofing) will now need to be re-trained to look and > trust just in the place they had been trained not to trust. > > The damage has already been done, so it is pointless discussing the > change or reverting it, that would just cause more chaos. Just please > strongly consider to stop changing the SSL indicators ever year. I feel your pain. Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
