On Sunday 19 June 2005 02:36, Heikki Toivonen wrote:
> Ian G wrote:
> > In general a security system requires human
> > involvement to be strong.
>
> Of course. Humans are always involved (or at least in the browser
> context). But that doesn't actually say anything.
> ....
> If we assume (for argument's sake) that you really meant: ask the user
> to input something, then we can show that this is not necessary in all
> schemes.
>
> Let's say that whenever a new Firefox profile is created, the chrome
> background gets a watermark that is random. Now every Firefox user would
> have different UI. If a webpage tried to display chrome parts, it would
> be obvious it was different from the regular chrome.
>
> We didn't need to ask the user anything, and this scheme brought in a
> little bit more security.
>
> I am not saying we should implement this, just pointing out that there
> are ways to potentially improve the situation without requiring the
> users to input any data.

Sure, absolutely. That is effort and involvement. This is like that other paper you posted about recently. Input is only one form of involvement. There are other ways.

That's what we have to accept - the user has to notice and involve herself in the security process for it to be strong. She has to learn and monitor the watermark that was generated at the first time. It's mental effort, not typing effort, but it is still a cost.

This is essentially what I've been saying all along - the most efficient way for users to be involved with the security process is by means of logos - which are akin to watermarks. Graphical displays are a very efficient way to get info to the user. You will see this in the way that Trustbar presents the CA's logo.

To drift into comparisons, this is why I personally prefer Trustbar's directions over, say, Petnames. But, frankly, my opinion on that isn't worth a damn, and I'll support them both out in the field and we'll see what users like. Either is good enough to try. I really don't care if I'm wrong, as long as someone who's right gets a chance to try.
iang

--
Advances in Financial Cryptography, Issue 1:
https://www.financialcryptography.com/mt/archives/000458.html
Daniel Nagy, On Secure Knowledge-Based Authentication
Adam Shostack, Avoiding Liability: An Alternative Route to More Secure Products
Ian Grigg, Pareto-Secure

_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
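As an added illustration (not code from the thread, and not Firefox's own code), here is a toy model of the per-profile watermark scheme Heikki sketches and of the check Ian says the user still has to perform. The `Profile` class, the colour palette, the 4x4 grid and the `render_watermark` / `spoofed_watermark` helpers are all constructed for this example: the profile draws a random secret once at creation, the chrome derives a visible pattern from it, and a page that imitates chrome has no access to the secret, so the best it can do is guess. The "human involvement" is the `mismatched_cells` comparison, which only catches the imitation if the user actually learned and looks at the pattern.

```python
import hashlib
import random
import secrets
from typing import List, Optional

# Constructed model of a per-profile chrome watermark. Nothing here is a
# Firefox API; the names and parameters are this example's own.

PALETTE = ["red", "green", "blue", "yellow", "cyan", "magenta", "black", "white"]
GRID = 4  # the watermark is a GRID x GRID block of coloured cells (16 cells)

Pattern = List[List[str]]


class Profile:
    """A browser profile holding the random watermark secret chosen at creation."""

    def __init__(self, name: str, secret: Optional[bytes] = None) -> None:
        self.name = name
        # Drawn once from a CSPRNG when the profile is created; the browser never
        # exposes it to page content, which is the whole point of the scheme.
        self.secret = secret if secret is not None else secrets.token_bytes(16)


def render_watermark(secret: bytes) -> Pattern:
    """Deterministically derive the chrome's visible pattern from the profile secret."""
    digest = hashlib.sha256(b"chrome-watermark:" + secret).digest()
    cells = [PALETTE[b % len(PALETTE)] for b in digest[: GRID * GRID]]
    return [cells[r * GRID:(r + 1) * GRID] for r in range(GRID)]


def spoofed_watermark(seed: int = 0) -> Pattern:
    """What a web page imitating chrome can draw: it never sees the secret, so it guesses."""
    rng = random.Random(seed)  # seeded only so the example is repeatable
    return [[rng.choice(PALETTE) for _ in range(GRID)] for _ in range(GRID)]


def mismatched_cells(expected: Pattern, shown: Pattern) -> int:
    """The user's check: how many cells differ from the pattern learned at profile creation."""
    return sum(
        1 for r in range(GRID) for c in range(GRID) if expected[r][c] != shown[r][c]
    )


def looks_like_real_chrome(profile: Profile, shown: Pattern) -> bool:
    """True only if what is on screen matches this profile's own watermark exactly."""
    return mismatched_cells(render_watermark(profile.secret), shown) == 0


def guess_probability() -> float:
    """Chance that a page which has never seen this user's chrome guesses the whole grid."""
    return (1 / len(PALETTE)) ** (GRID * GRID)


def main() -> None:
    alice = Profile("alice")
    real = render_watermark(alice.secret)
    fake = spoofed_watermark()
    print("real chrome accepted:   ", looks_like_real_chrome(alice, real))
    print("spoofed chrome accepted:", looks_like_real_chrome(alice, fake))
    print("cells the user would see differ:", mismatched_cells(real, fake))
    print(f"blind guess succeeds with probability {guess_probability():.2e}")


if __name__ == "__main__":
    main()
```

The model makes Ian's cost argument concrete: nothing in the scheme asks the user to type, but `looks_like_real_chrome` is a comparison the user performs in her head, every time, against a pattern she had to memorise once. A per-profile logo (as in the Trustbar approach mentioned above) is the same mechanism with a more memorable pattern.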