Everybody take a deep breath. If we start treating this as black-and-white 
extremes, it is unlikely that most users will get the best security and 
usability.

Few if any of us active in this thread are HCI experts. Few of us have anything 
more than small amounts of anecdotal evidence. Many of us have strongly-held 
religions about what users should want for the security we offer them.

It is quite clear that almost anything that is wanted along the spectrum of 
easy-and-insecure to cumbersome-and-very-secure is implementable in NSS and in 
software that uses NSS. It also is likely that NSS could embody many points 
along that spectrum and let the software decide; it would be our responsibility 
to choose those points wisely and to document them very well. My personal 
religion would have more points on the cumbersome-and-very-secure side, FWIW, 
but I know that there is a whole lot that I don't know.

This discussion is an important one, but it is one that should involve way more 
than just us. In fact, maybe we should be only minor players in the discussion, 
better adept at implementing what others want than to try to lead them to the 
best solution for the users. I don't see the expertise here for any of us to be 
stating the One True Solution.

--Paul Hoffman
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
