On Sunday 19 June 2005 02:42, Heikki Toivonen wrote: > Michael Vincent van Rantwijk wrote: > > 4. The Mozilla Foundation wants an anti phishing tool that will most > > likely only be noticed when you turn your monitor up side down i.e. in > > the status bar instead of the location bar! > > If Mozilla Foundation and Mozilla developers could change the world > opinion, the location bar would be where all the security indicators > would show up and it would be impossible to hide by web pages. > > That was actually tried. But the web developers (you know, the people > that design the pages that other people then view in browsers) cried so > loudly that the decision had to be reversed. The only thing so far that > they grudgingly accept is a status bar and title bar that can't be > controlled by the web pages. > > So that is why the status bar and title bar are the only places where > security indicators can go and be available even if the site tries to > muck with things. > > We'd love to change this, of course. Now go convince all the web > developers out there, and once you've done that, we'll flip the switch > again.
Time then to go back to them and ask them what their attitude on liability for phishing is. If what you say reflects experience that is more than say 2 years old, then it's out of date. 2 years ago one could argue there was no threat. So no need to change that which worked. If the web sites that complain about the security UI have no exposure to phishing, then there is a choice to be made as to whether to protect users from phishing OR appease irrelevant web site owners. If the web sites are exposed to phishing, I'd love to hear of any that would stand up and say they want less and more obscure security indicators. iang -- Advances in Financial Cryptography, Issue 1: https://www.financialcryptography.com/mt/archives/000458.html Daniel Nagy, On Secure Knowledge-Based Authentication Adam Shostack, Avoiding Liability: An Alternative Route to More Secure Products Ian Grigg, Pareto-Secure _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security