Ian G wrote:
> In general a security system requires human involvement to be strong.

Indeed - but it doesn't necessarily have to all be the user's involvement.

> If we accept that, then whatever is offered for users that use zero effort would therefore not be strong. This matches current experience. If we want to make the current security model strong, then, we'd have to bring in the user element. Ask users to do something.
Sure. But that something could be (in an ideal world) as simple as glancing at a red/green (yes, yes, I know) traffic-light indicator which said whether the site was suspicious or not.
The user has to do something, but it doesn't necessarily have to involve typing, clicking or downloading anything.
Gerv