Jean-Marc Desperrier wrote:

Julien Pierre wrote:

[...]
I guess I am the only one in the world who has that option turned on; the dialog does come up for every one of my Google searches and other posts. And I know to watch for it when I submit sensitive data. It has come up on a few occasions. In Mozilla, the dialog is on by default.

> [...]. Perhaps we should have another dialog explaining to the user in plain English but with more detail what they are really doing by disabling this option, with a second confirmation dialog. It should stay enabled.


Nope. We need a better, less intrusive solution in terms of GUI.
This one will always be disabled by users in 99% of cases and saying they're stupid will not change that.


A really working system can only be an advance warning it seems.

The "lock" icon is probably in the right direction to do this, but is unfortunately completely inadequate (it doesn't tell you at all if the form will go to an encrypted page).

Maybe we need a lock inside the form entry?
With a different visual aspect based on the level of security?
But then we'd need a way to forbid a page to simulate the same behaviour using dynamic html.


Maybe the trick would be instead to use a visual warning that the form is unsafe; it would be a lot easier to make sure this warning cannot be removed by dynamic html.

Ultimately what it comes down to is: we want checks and warnings if the user is entering sensitive and/or financial information, and we don't want them in other cases.
There is no automatic way for the browser to distinguish the correct behavior when a user connects to a particular server. The option is currently set on a global basis.
Perhaps we should have a better system of policy selection than a global preference buried in a menu.


Maybe it could be a frame for the browser window: red means no insecure submission check, green means check. The user would be able to open either type of window, which would set the policy to warn for everything that happens within it. He would have the ability to start either type of window (start sensitive browser window? start regular browser windows) or toggle the policy (strict / not strict) which would be clearly marked by the frame color.

The policy could also be saved as an attribute for each URL in the bookmarks file, so when you go to your bank, it can force the policy to strict (and at the same time show it with the appropriate frame color). And for things like Google you could bookmark it with the non-sensitive policy (add bookmark would save the current policy).
Of course the visual indicator could be something other than the frame color ... But it needs to be prominently visible.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
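
An added sketch, not part of the original message and not Mozilla code, of the two ideas discussed above: a warning computed in advance from where the form will actually be sent, and a strict / not strict policy stored per bookmark with the global preference as fallback. The policy names, the bookmark record shape and the example hosts are assumptions made for this illustration.

```javascript
// Added illustration. "strict"/"relaxed" and the {url, policy} bookmark
// shape are assumptions, not an existing browser API.

// Resolve where a form will really be sent and whether that hop is encrypted.
// The page's own lock state says nothing about this: an https page can carry
// a form whose action points at plain http.
function submissionTarget(pageUrl, formAction) {
  // An empty or missing action submits back to the page's own URL.
  const target = new URL(formAction || pageUrl, pageUrl);
  return { href: target.href, encrypted: target.protocol === "https:" };
}

// Per-bookmark policy, falling back to the global preference. Matching is
// done on the parsed origin, not on a string prefix, so that a look-alike
// host such as bank.example.evil.test never inherits the bank's entry.
function policyFor(pageUrl, bookmarks, globalPolicy) {
  const origin = new URL(pageUrl).origin;
  const hit = bookmarks.find((b) => new URL(b.url).origin === origin);
  return hit ? hit.policy : globalPolicy;
}

// Computed when the page loads, before the user types anything, so the
// result can drive a persistent indicator instead of a submit-time dialog.
function advanceWarning(pageUrl, formAction, bookmarks, globalPolicy) {
  const policy = policyFor(pageUrl, bookmarks, globalPolicy);
  const target = submissionTarget(pageUrl, formAction);
  return { policy, target: target.href, warn: policy === "strict" && !target.encrypted };
}

// Constructed sample data.
const sampleBookmarks = [
  { url: "https://bank.example/", policy: "strict" },
  { url: "http://search.example/", policy: "relaxed" },
];
```
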
