Ian G wrote:
> In general a security system requires human
> involvement to be strong.

Of course. Humans are always involved (or at least in the browser
context). But that doesn't actually say anything.

> If we accept that, then whatever is offered for
> users that use zero effort would therefore not be
> strong.  This matches current experience.

This does not follow from above.

> If we want to make the current security model
> strong, then, we'd have to bring in the user
> element.  Ask users to do something.

Not necessarily.

Also, asking the users to do something is so vague as to be near
useless.

If we assume (for argument's sake) that you really meant: ask the user
to input something, then we can show that this is not necessary in all
schemes.

Let's say that whenever a new Firefox profile is created, the chrome
background gets a watermark that is random. Now every Firefox user would
have different UI. If a webpage tried to display chrome parts, it would
be obvious it was different from the regular chrome.

We didn't need to ask the user anything, and this scheme brought in a
little bit more security.

I am not saying we should implement this, just pointing out that there
are ways to potentially improve the situation without requiring the
users to input any data.

-- 
  Heikki Toivonen
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security