On 4/4/2013 1:53 AM, Gervase Markham wrote:
> On 02/04/13 12:20, Florian Weimer wrote:
>> In a corporate setting, intercepting proxies are fairly common, and
>> displaying a warning would be annoying to users.  (Didn't some browser
>> vendor already try that?)
> 
> It depends what UI you use. For example, if we had a red padlock... ;-)
> 
> Seriously, that seems to be saying "users don't want to be bothered with
> the fact that their connection to their bank is being MITMed". I'm
> really not sure that's true. 

    Agreed.

    If it were up to me, I'd put a red band across the top of the window, with

   "Your communications are being monitored at
    "firewall3.lehman.com" [146.127.226.4] as authorized by
    a security certificate on your machine installed by "administrator"."

Warning bars like that are seen on multi-level secure systems in some
DoD environments. (They say things like "SECRET NOFORN" in that
environment.)  There's no way to turn them off.

                                John Nagle

"Work for mankind, not for the man" - Mozilla billboard.