Peng wrote:
That may instead annoy them sufficiently that they switch back to IE, if they need to visit the site a lot. Personally, I didn't used to think to contact a website if there was a problem. I just ignored it or went to another website or spoofed my user agent or something.
Putting up a number in the status bar should be sufficient. If you want to go over the top and actually warn the user that 40 bit crypto is less than optimal, then put up one of those red bars with the little X on it. Popups should only be used for things that demand attention, and 40 bits is 40 bits better than 0 bits, so no attention is needed for infinitely preferable security.
(OTOH, something like SSLv2 v. SSLv3/TLSv1 is stopping people elsewhere using crypto. Stopping people using crypto should be a hanging offence. Come the revolution, they will be the first against the wall...)
iang -- News and views on what matters in finance+crypto: http://financialcryptography.com/ _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security