Ian G wrote: > Peng wrote: > >> That may instead annoy them sufficiently that they switch back to IE, >> if they need to visit the site a lot. Personally, I didn't used to >> think to contact a website if there was a problem. I just ignored it >> or went to another website or spoofed my user agent or something. > > > > Putting up a number in the status bar should be sufficient. > If you want to go over the top and actually warn the user > that 40 bit crypto is less than optimal, then put up one > of those red bars with the little X on it. Popups should > only be used for things that demand attention, and 40 bits > is 40 bits better than 0 bits, so no attention is needed > for infinitely preferable security.
Gervase pointed out that using absolute numbers could be a bad thing, as you'd have to keep training users when a new standard was made, so why not use percentages instead... This certificate is 50% good (128/256) or 15% good (40/256) then you just alter the top number, or even subtract for bad protocols, I'm sure people would get the idea pretty quick and it would be consistent, even when things change in future... -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security