On 081018 at 20:30, Nelson B Bolyard wrote: > FF3 had utterly failed to convey to her any understanding that she was > under attack. The mere fact that the browser provided a way to override > the error was enough to convince her that the errors were not serious.
I find it amazing that someone shows this level of ignorance but then manages to file a bugreport... :-) > KCM would not have helped. If anything, it would have reduced the pain > of overriding those errors to the point where the victim would never have > cried for help, and never would have learned of the attack to which she > was a victim. > The question is: how can FF3+ *effectively* protect users like her from > MITM attackers better than FF3 has already done? Personally, I like the idea of a 'safe mode' in the browser. Safe-mode is very visible, provides limited scripting and https-only to a defined set of sites. If mom wants to go banking, she's been told she has to activate safe-mode. Otherwise banking is insecure. It is some action that the user initiates, she tells the program when some critical operation starts and ends. If she has to exit safe-mode to go to a bank then that is a very obvious decision to test her luck. > Is removal of the ability to override bad certs the ONLY effective > protection for such users? No. Vista/IE7 seems to ship with various scripting deactivated by default. So what happens? The page worked before, now it doesn't. Thats clearly a problem of the stupid new computer. So we ask the neighbour's kid to solve this and everything 'works'... I do though would like some sane alternative for people who are aware of the certificate stuff. The possibility to chose Yes/No/Ignore with one click and to optionally display certiciate details plus KCM info instead of a verbose warning. /steffen _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
