Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Kai Engert
I propose to more actively involve users into the process of accepting certificates for domains. I envision a UI where users are required to approve once, whether the combination of a CA and a domain is acceptable to the user. The following UI would be shown whenever a user starts a connection to

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Eitan Adler
On 31 December 2012 10:18, Kai Engert wrote: > I propose to more actively involve users into the process of accepting > certificates for domains. > > I envision a UI where users are required to approve once, whether the > combination of a CA and a domain is acceptable to the user. > > The followin

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Kai Engert
On Mon, 2012-12-31 at 10:38 -0500, Eitan Adler wrote: > * user gets confused: "what the heck is this screen"? It's good if users are educated what is going on. We could have a switch to completely turn this off, if the user really doesn't care. > * user realizes that pressing yes usually works

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Eitan Adler
On 31 December 2012 11:06, Kai Engert wrote: > On Mon, 2012-12-31 at 10:38 -0500, Eitan Adler wrote: >> * user gets confused: "what the heck is this screen"? > > It's good if users are educated what is going on. How is adding another annoying not-going-to-be-read dialog "educating" users? > We c

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Kai Engert
On Mon, 2012-12-31 at 11:17 -0500, Eitan Adler wrote: > Expect the user to click yes to every dialog if prompted without reading. > > [*] note, I am not talking about people like you or I that have an > understanding of the implications here. I am talking about the > typical user that studies ha

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Eitan Adler
On 31 December 2012 11:23, Kai Engert wrote: > It could be an opt-in feature, advertised through some kind of > notification popup. http://patrol.psyced.org/ ? https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/ ? -- Eitan Adler -- dev-tech-crypto mailing list dev-tech-crypto@

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Kai Engert
On Mon, 2012-12-31 at 16:26 +0100, Kai Engert wrote: > I propose to more actively involve users into the process of accepting > certificates for domains. I propose the following in addition: Each CA certificate shall have a single country where the CA organization is physically located (they alr
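The mechanism Kai sketches in the opening message (the user approves a CA/domain pair once, after which connections with that pair proceed silently) and the addition in this message (each CA tied to a single country, shown to the user) can be put into a small approval store. The following is an added example written for this page, not code from the thread, from Mozilla, or from any participant. It assumes the CA's country is read from the C= attribute of the CA certificate's subject, which the thread does not state; all domains, issuer names and the scripted user's choices are constructed for the example.

```python
"""Added example, not code from the thread: a minimal per-domain CA approval
store in the spirit of Kai Engert's proposal. The user is asked once whether a
given CA may vouch for a given domain; later connections with the same pair go
through silently, and a change of CA behind the domain re-prompts. The CA's
country is assumed (not stated in the thread) to be taken from the C= attribute
of the CA certificate's subject. All issuer names and domains are constructed."""

from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class CAIdentity:
    subject: str   # subject DN of the issuing CA certificate
    country: str   # C= attribute of that DN (assumption, see above)


def ca_from_subject(subject: str) -> CAIdentity:
    """Pull the C= attribute out of a comma-separated DN string.

    Adequate for the constructed DNs below; a browser would read the attribute
    from the parsed certificate rather than splitting a string."""
    attrs = {}
    for part in subject.split(","):
        key, _, value = part.strip().partition("=")
        attrs[key.upper()] = value
    return CAIdentity(subject=subject, country=attrs.get("C", "??"))


def prompt_text(domain: str, ca: CAIdentity, previous: Optional[CAIdentity]) -> str:
    """The text a UI would show; distinguishes first contact from a CA change."""
    if previous is None:
        return (f"{domain} is vouched for by a CA you have not approved for it:\n"
                f"  {ca.subject} (country: {ca.country})\n"
                f"Accept this CA for {domain}?")
    return (f"The CA vouching for {domain} has changed:\n"
            f"  before: {previous.subject} (country: {previous.country})\n"
            f"  now:    {ca.subject} (country: {ca.country})\n"
            f"Accept the new CA for {domain}?")


# Callback standing in for the dialog: given (domain, new CA, previously approved
# CA or None) it returns True if the user accepts.
AskUser = Callable[[str, CAIdentity, Optional[CAIdentity]], bool]


class ApprovalStore:
    """Remembers which CA the user approved for each domain."""

    def __init__(self, ask_user: AskUser, enabled: bool = True) -> None:
        self._approved: Dict[str, CAIdentity] = {}
        self._ask_user = ask_user
        self.enabled = enabled  # the opt-out switch mentioned in the thread

    def check(self, domain: str, issuer_subject: str) -> Tuple[str, bool]:
        """Decide whether a connection to `domain` via a certificate issued by
        `issuer_subject` may proceed. Returns (reason, allowed)."""
        if not self.enabled:
            return "disabled", True
        ca = ca_from_subject(issuer_subject)
        previous = self._approved.get(domain)
        if previous == ca:
            return "previously_approved", True   # approved once already: no dialog
        reason = "first_seen" if previous is None else "ca_changed"
        if self._ask_user(domain, ca, previous):
            self._approved[domain] = ca
            return reason, True
        return reason, False                      # refusal records nothing


def run_scenario() -> Tuple[List[Tuple[str, bool]], int]:
    """Walk one domain through first contact, a repeat visit, a same-country CA
    change and a cross-border CA change, with a scripted user who accepts any
    first contact or same-country change but refuses a CA from another country.
    Returns the decisions and how many times the user was prompted."""
    prompts = 0

    def scripted_user(domain: str, ca: CAIdentity, previous: Optional[CAIdentity]) -> bool:
        nonlocal prompts
        prompts += 1
        print(prompt_text(domain, ca, previous))
        return previous is None or previous.country == ca.country

    store = ApprovalStore(scripted_user)
    us_root = "CN=Example Root CA,O=Example Trust,C=US"       # constructed
    us_other = "CN=Other Root CA,O=Other Trust Inc,C=US"      # constructed
    foreign = "CN=Elsewhere Root,O=Elsewhere Trust,C=XX"      # constructed
    decisions = [
        store.check("example.org", us_root),    # first contact: prompt, accepted
        store.check("example.org", us_root),    # same pair: silent
        store.check("example.org", us_other),   # CA changed, same country: prompt, accepted
        store.check("example.org", foreign),    # CA changed across borders: prompt, refused
        store.check("example.org", us_other),   # refusal left the earlier approval intact
    ]
    return decisions, prompts


if __name__ == "__main__":
    for reason, allowed in run_scenario()[0]:
        print(f"{reason:20s} -> {'connect' if allowed else 'refuse'}")
```

The point the example makes concrete is the one the thread argues over: the dialog appears only on first contact with a domain and when the CA behind it changes, so the prompt count stays low on a stable site, but the safety of the scheme still rests entirely on what the user does when it does appear.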

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Ryan Sleevi
On Mon, December 31, 2012 10:23 am, Kai Engert wrote: > On Mon, 2012-12-31 at 16:26 +0100, Kai Engert wrote: > > I propose to more actively involve users into the process of accepting > > certificates for domains. > > I propose the following in addition: > > Each CA certificate shall have a sing

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Julien Pierre
Ryan, On 12/31/2012 11:43, Ryan Sleevi wrote: So far, the two proposals are: 1) Nag the user whenever they want to make a new secure connection. This nag screen is not shown over HTTP, so clearly, HTTP is preferable here. 2) Respect national borders on the Internet. If anything, the more user

Re: Proposing: Interactive Domain Verification Approval

2013-01-08 Thread helpcrypto helpcrypto
Hi Kyle, happy new year. I agree with you -users should learn-, but "showing and skipping" still happens (I love to think each day less). Instead of warning BEFORE opening page/connection, what about opening in a "safe mode" and a warning toolbar (similar to blocked popup) alerting about all this?

Re: Proposing: Interactive Domain Verification Approval

2013-01-10 Thread Florian Weimer
On 12/31/2012 07:23 PM, Kai Engert wrote: On Mon, 2012-12-31 at 16:26 +0100, Kai Engert wrote: I propose to more actively involve users into the process of accepting certificates for domains. I propose the following in addition: Each CA certificate shall have a single country where the CA org

Alternative pinning scheme. Re: Proposing: Interactive Domain Verification Approval

2013-01-05 Thread Anders Rundgren
On 2012-12-31 16:18, Kai Engert wrote: > I propose to more actively involve users into the process of accepting > certificates for domains. If we get away from garbage like , PKI-based authentication becomes a natural feature for mobile devices. This in itself renders the mentioned attacks much le

Secure credit-card payments? Re: Proposing: Interactive Domain Verification Approval

2013-01-01 Thread Anders Rundgren
On 2012-12-31 16:26, Kai Engert wrote: > I propose to more actively involve users into the process of accepting > certificates for domains. Although the recent CA failures cast a shadow over the web they have AFAIK not led to any major losses for anybody. The credit-card system OTOH is a major so

Re: Secure credit-card payments? Re: Proposing: Interactive Domain Verification Approval

2013-01-02 Thread Julien Pierre
Anders, On 1/1/2013 12:47, Anders Rundgren wrote: Although the recent CA failures cast a shadow over the web they have AFAIK not led to any major losses for anybody. The credit-card system OTOH is a major source of losses and hassles. IMO the only parties that can fix it are the browser vendor

Re: Secure credit-card payments? Re: Proposing: Interactive Domain Verification Approval

2013-01-04 Thread Anders Rundgren
On 2013-01-03 01:28, Julien Pierre wrote: > Anders, > > On 1/1/2013 12:47, Anders Rundgren wrote: >> Although the recent CA failures cast a shadow over the web they have >> AFAIK not led to any major losses for anybody. The credit-card system >> OTOH is a major source of losses and hassles. IMO