Eddy Nigg wrote:
> Isn't this actually a sign that the technology works? I mean, 100% false
> positives means literally 100% success.

Shit no!

The higher the false positive rate, the more acute the failure.

People will trust and respect the warning *only* if there's a very low
rate of false positives, down to the point where it *could make sense*
to tolerate a few false negatives *if* that's the only way to make sure
there are sufficiently few false positives to get users to trust the
warnings when they do appear.

Yes, the average users of Firefox 3+ don't know how to work around the
warnings, but they just start IE to get to the site instead. At the end
of the day, the failure to protect them is exactly the same.

I was running an old Firefox 2 version recently, and, well, it again made
it obvious that the modified SSL warnings are a failure.

Firefox 2 tried to explain the error to the user, which, even if *really*
far from perfect, at least often made it possible to understand why
Firefox was wrongly raising an error, so it was better in terms of the
user trusting the report, and not just starting IE to get to the site
instead.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto