Hi Matthew,
Thanks for the input. I've supplied some answers below where possible.
You ask some very good questions, but I would like to suggest that the
best way to make the most of your points is not to assume that we're
unaware of UI issues or that we don't talk to users.
More below..
Matthew Thomas wrote:
> I'm cross-posting this to m.ui.
>
> Bob Lord wrote:
>
>>You've probably already seen this page, but just in case here it is.
>>
>
> No, I hadn't seen it.
>
>
>>The My Certs pane of the CM is more complete than the others, but
>>you'll get the idea:
>>http://people.netscape.com/lord/psm/images/snapshots.html
>>...
>>
>
> Ok. Several thoughts:
>
> * Overall, these mockups look like they were designed by someone
> who is involved far too much with PSM. By that I mean they have two
> general problems:
> (1) They look like something which would make a lot of sense to
> someone who was intimately acquainted with PKI and whatever, but
> which would make no sense to someone (like myself) who knows
> relatively little about the technology involved;
> (2) They have lots and lots of UI, which is no doubt gratifying to
> those people who have done a lot of back-end work on PSM, but
> which imposes a very heavy burden on the user to include the UI
> in their mental model of how Mozilla works security-wise.
>
> This is dangerous, because the more complicated the security UI is,
> the less users are likely to understand it, and the more likely they
> are to do insecure things as a result.
If you can suggest ways to make the text or presentation easier to
digest, I've love to hear your ideas. But please don't assume that just
because you have not used these features that they're not important.
Or that no one ever would. Almost all of them are present in
Communicator and IE.
>
> This isn't a criticism of the PSM team in particular: the same
> problem is in evidence for the text encoding UI, the forms fill-in
> UI, and other parts of Mozilla, because the people involved knew too
> much about what they were doing on the back end to be able to
> present it in a recognizable manner on the front end.
>
> * Ultimately, the Security Manager should have one (1) window, not
> three; and it should have one (1) preferences panel, not five.
I'm not sure what you mean by the Security Manager. Do you mean the
Certificate Manager? Or are you advocating a combined design like the
Security Advisor in Communicator?
I
> don't yet know how this can be achieved (because I can't tell what
> all this UI is for), I just know that it needs to be achieved in
> order for the UI to be understandable enough to be useful.
You don't understand what these screens do, or what tasks users need to
perform, but you know they need to change. :-)
In
> comparison:
> - Internet Explorer for Mac OS has zero (0) windows for security
> details, and one (1) prefs panel (or two if you count the
> Passwords panel);
> - iCab has zero (0) windows for security details, and one (1)
> prefs panel;
> - Opera has five (5) dialogs for security details (but hey, that's
> Opera for you), and one (1) prefs panel.
> This should give you food for thought.
I'm not sure what you mean by "security details". Are you
referring to the Certificate Manager? Does that mean that you cannot get
or view your personal certs with Mac IE, can't see CA certs, for
example? I'm wondering if IE for the Mac has all the features of IE for
Windows. Maybe MS dropped some features on the Mac version?
We will put SSL status information into the Page Info page (that pane is
already in), but that's not on the mockup pages, so I don't that's what
you had in mind.
>
> * You need to decide whether all these are windows or dialogs. If
> they're windows, they can't have `Close' buttons. If they're
> dialogs, they *still* can't have `Close' buttons (they should have
> `OK' and `Cancel' buttons instead), and nor should they have close
> boxes. Either way, that weird `[ Help ] [ Close ]' arrangement at
> the bottom *has* to go.
Good input. There's work to bring these in line with the other dialog
boxes. And I believe you've filed a bug on this so we can be sure to
track that progress.
>
> * What is the Device Manager for? How does it help me in browsing the
> Web? Is it necessary at all? If so, why can't I tell how necessary
> it is just by looking at it?
I'm least happy with the Device Manager. It needs help.
The Device Manager is the way you manage and troubleshoot your smart
cards and other similar tokens. When things are working correctly with
your smart card, you don't need to go here. If things are not working
correctly, however, you'll need to a way to see which modules are
loaded, and which tokens are present.
It's possible that the hardware drivers are not loaded correctly.This
screen should answer the question "Which drivers are loaded?". Another
common problem is that PSM can't "see" the hardware because it's not
installed correctly, or because the user didn't insert the smart card
all the way. Here, it should answer the question "Which smart cards are
plugged in?".
>
> * What are the `Allow device to perform these functions: [ ] RSA
> [ ] RC2 [ ] DES [ ] SHA-1 [ ] MD2 [ ] RNG [ ] DSA [ ] RC4
> [ ] MD5' checkboxes for? Why would I want to turn any of these off?
> How would turning them off help me in browsing the Web? Why, when I
> look at them, do I get the impression that I'm looking at the UI for
> a 1970s-era mainframe computer, rather than a 21st-century Web
> browser?
Different token manufacturers build in different capabilities into their
tokens and drivers. There are some operations which the token must
perform in order for the function to work (like in the case where the
keys are stored on the token) or to conform to certain standards.
These items could easily be moved to an "Advanced" window since a
user would not touch them very often. And given how much time we have,
we may not be able to get to them at all.So we may not have to worry
about it.
>
> * What are the `[ ] Enable SSL version 2 [ ] Enable SSL version 3
> [ ] Enable TLS' checkboxes for? Why would I want to turn any of
> these off? How would turning them off help me in browsing the Web?
> Are they just there to show off the various things which PSM can do?
> If so, do you think that function could perhaps better be fulfilled
> by some articles on the mozilla.org site than by scary checkboxes in
> the UI?
You might want to turn off TLS if you encounter a web site that is
"TLS intolerant". See http://bugzilla.mozilla.org/show_bug.cgi?id=59321
for more information. You might want to turn off SSL2 because it's an
older, possibly weaker protocol.Like most prefs, you probably just leave
it alone.
You you think that SSL is more scary than proxies or caches? I don't.
>
> * Why do you include fields for the number of characters, symbols,
> numbers, and upper-case characters in a password? Do you assume that
> the user can't count? Are these fields going to be updated onblur,
> in which case they'll be inaccurate while the user is typing? Or
> are they going to be updated as the user types, in which case
> they'll be distracting?
It changes as you type. Try it out.
Users choose weak passwords. But unless they get feedback on what's
"worse" and what's "better", they're not going to improve the quality of
their passwords. This is important because this dialog allows you to
change your "Master Password". The Master Password protects your web
site names and passwords if you select the "Encrypt Sensitive Data"
option. It also protects your private keys (if you have obtained
personal certs).
I'm open to suggestions on how to give people real time feedback in a
way that's simple to understand.
>
> * What are all the checkboxes in the Cipher Viewer for? Why would I
> want to turn any of these off? How would turning them off help me in
> browsing the Web? ... Etc, etc.
You would want to turn off a cipher if some clever math wiz was able to
find a flaw with it. This does happen from time to time. You might also
want to turn off the low-grade encryption ciphers to make sure you're
only using the high-grade crypto.
>
> * If you would regard one of these windows or prefs panels as being
> the most expendable, which would it be? Why?
We can live without the SecureMail panel until S/MIME is baked. ;-)
>
>
>>Thanks for your help,
>>...
>>
>
> No problem. But as I mentioned in the tracker bug, you should have done
> this *much* earlier than now.
>
>
I first posted this information in November, and the UI team at Netscape
has been involved from the start. And some of these items (like the
password changer) have been in for weeks. I'm afraid you're the one
late to the party, not me. :-)
All kidding aside, I do appreciate the input and the bugs reports. I'm
glad we're getting more feedback from people. More of this UI will be
landing in the next couple of days, so you should be able to play with
these items yourself.
Regards,
-Bob
--
Bob Lord
Director, Security Engineering
Netscape Communications Corp.
http://www.mozilla.org/projects/security/pki/
http://people.netscape.com/lord/jobs
