Tyler Close wrote:
>>Maybe you weren't paying attention, or maybe the word input is not as
>>precise as I thought it is. I said *input* -  meaning the user must
>>enter some data to the system.
> 
> Ah, I see. So if we demand users memorize and verify identification
> credentials, instead of providing the user with a way of writing down
> a reminder note, we have reduced the user's "input" to the system.
> According to you, this is a desirable outcome, and all dissenting
> solutions should be disqualified.

I said no (or minimal) input from user is desirable.

I also said the system should be easy to use, and further qualified ease
of use that should have made it clear covered the case you want to lump
with input.

Minimizing user input is desirable, but it of course must be balanced by
other aspects.

I never said any solution should be disqualified, although I would think
the idea of the criteria is to help decide which would be accepted and
which rejected.

Note that even with those rules petname could pass, because "minimal"
and "easy" leave room for negotiation.

> I find your classification of typing as "input", but detailed
> cross-checking before proceeding as not "input" arbitrary and grossly
> misleading. Do you have a user study, argument, or anything at all to

To repeat: input is separate from ease of use.

We should be precise with our terms so that we can accurately compare
and debate different solutions.

If you want, break "ease of use" down further for the criteria. But
detailed user doing cross-checking is not input into the program.

I think breaking down the combined user effort is important, because
different action types are experienced differently by users, and some
would be used more (be more effective) than others.

>>The SSL system is not always easy to use, like you noted, 
> 
> No, the current SSL UI is *never* easy to use. I challenge you to
> provide even a single counter-example.

Ok, for example if you always type the URL to go to your bank's SSL
site, or use a bookmark. If you have a lock icon in lower-right hand
corner (and don't get any SSL warning dialogs), you know you are at the
right place.

And if a user ignored the SSL warning dialogs or the lock icon, I bet
they would just as easily ignore petname.


Of course, there is the case of what happens if the bank changes its
pages so that it redirects to a new site. The petname tool will say it
is untrusted. The user would need to contact their bank to verify and I
doubt they would do it - too much work.

And it could be argued that if the bank's site was hacked to do the
redirect, then the hackers would probably be able to get the data even
without a redirect, so neither current SSL nor petname would help.

-- 
  Heikki Toivonen
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
