Nelson B wrote:
Jan Egil Kristiansen wrote:
My click indicated that I was willing to view the site without
signature and encryption, and the browser should remind me of that
decision.
Anyone agree? Disagree?

To reverse myself (again) ... that click overrode
the security model. In this case Jan accepted
the cert. There is only a binary offering, accepting
the cert in *all* its glory and perfidy. Once accepted,
it has been accepted as being correct.

I'm not sure there is an ordinary use case where
our average user decides to carry on and override
the warning, but wants to be reminded that she
is doing something dangerous. The binary aspects
of the model are such that it's either good or it's
bad; the override doesn't give you that fine
distinction. If she accepts that it is bad, she hits
cancel and goes somewhere else.

Jan was operating as a more cunning technical
type and was capable of making that fine judgement;
an ordinary user wouldn't. I think if the user goes
on, then she does so at her own peril, totally, as it
is unfair of her to expect Firefox to know what's
going on....

Still, I suppose if there are a range of uncertainties,
an additional symbol beside the padlock like a
question mark wouldn't go astray.

--
News and views on what matters in finance+crypto:
http://financialcryptography.com/