Steffen Schulz wrote: > On 081018 at 20:30, Nelson B Bolyard wrote: >> FF3 had utterly failed to convey to her any understanding that she was >> under attack. The mere fact that the browser provided a way to override >> the error was enough to convince her that the errors were not serious. > > I find it amazing that someone shows this level of ignorance but then > manages to file a bugreport... :-)
And ... reformat drive, play with compilers, flags, build own browser, switch between versions, bum off others' wireless, maintain a login at bugzilla, make a near-perfect bug report ... This is not your average end-user. I'll bet you a dime to a dollar she knew precisely what the certificates are for. The general excuse of "users are stupid" isn't going to work this time :) >> The question is: how can FF3+ *effectively* protect users like her from >> MITM attackers better than FF3 has already done? > > Personally, I like the idea of a 'safe mode' in the browser. Safe-mode > is very visible, provides limited scripting and https-only to a defined > set of sites. If mom wants to go banking, she's been told she has to > activate safe-mode. Otherwise banking is insecure. I have thought about that too, and I don't think it is going to work for the general users. Originally I thought it would, but I think we have crossed that Rubicon already. I run NoScript which cuts away about 95% of the crap on most sites, and actually makes FF run nicely, because it isn't struggling under all that javascript crap. (It is worth it for that alone.) However, it breaks a lot of ecommerce sites that use credit cards. Three times now I've found that certain (big) ecommerce sites that use credit cards totally break in the actual payment phase. I have to close the browser, restart, retype in the transaction from scratch, and use the nuclear button on NoScript: Allow scripts *Globally* (Dangerous!) before the transaction goes live. Then it goes through. I don't know what these sites are doing, but this is far too regular. And, NoScript is as good as it gets atm (so I am told, opinions welcome). > It is some action that the user initiates, she tells the program when > some critical operation starts and ends. If she has to exit safe-mode > to go to a bank then that is a very obvious decision to test her luck. This unfortunately will be the case, and too many times. I have to permit all scripting for my online bank. What is the combined sum of these messages: Bank uses scripting, NoScript turns off scripting because it is dangerous, User has to turn off NoScript ? We have a mess. Users have a right to be confused if this is forced on them... >> Is removal of the ability to override bad certs the ONLY effective >> protection for such users? > > No. Vista/IE7 seems to ship with various scripting deactivated by > default. So what happens? The page worked before, now it doesn't. > Thats clearly a problem of the stupid new computer. So we ask the > neighbour's kid to solve this and everything 'works'... Right. That's reality. > I do though would like some sane alternative for people who are aware > of the certificate stuff. The possibility to chose Yes/No/Ignore with > one click and to optionally display certiciate details plus KCM info > instead of a verbose warning. I would definately like to see the KCM deployed. Both of KCM and the CA-pki model work well enough when nothing is happening; now stuff is happening, and we need more. Use every tool we can, hopefully they can work together. Other than that, I would like to figure out a nice story that says "use Firefox for all your general browsing ... but use XXXX for your online bank". I just don't know what XXXX is. I liked the google Chrome approach of separate VMs for each tab/page. There are definate limits to how we can expect a general user app like Firefox to firewall itself with "quality code" without general overflow protection ... putting hard boundaries around the virtual site within the browser is a very good idea, I think. Some people maintain separate Firefox installs. I've tried using "fast user switching" in MacOSX. But these are too hard to expect ordinary users to follow them. iang
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
