Anthony G. Atkielski wrote:
CarlosRivera writes:
If folks don't know to look and demand https in sensitive situations,
then it is unlikely that the browser can help those folks much in this
regard.
Security starts with the user. The more clueless the user, the more
difficult it is to provide any useful security, since the user will tend
to use the default configuration in situations for which it is insecure,
as well as in situations for which it is too restrictive. And since
clueless users see only features, not security, if they are given the
opportunity they will always breach security in favor of features.
This is correct, security does start and end
with the user. A security model that doesn't
include the user is generally thought to be
easily beatable.
But the user generally only uses the tools
without change to configuration. Even expert
users do not take the time to fiddle with the
paramaters. Like me. Indeed, I make it a habit
to not configure my tools; as I want to see how
the user experiences things.
So the challenge is to provide the product in
a mode that is secure, but has the features
that win.
That's a challenge. It does mean that we have
to be very very cutting as to what is a good
feature and what is good security - both have
to compromise.
As an example, I'd say click links in email are
features that are must-haves, regardless of
security. Yet, the browser can warn about
the consequences. But not with popups - we
know that doesn't work if there are too many
of them.
And, on the side of compromising security,
only validated threats should be considered
as must-fixes. This means that theoretical
threats should be treated as optional.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
