On 30/1/09 13:25, Jean-Marc Desperrier wrote:
Ian G wrote:
Ian G wrote, On 2009-01-29 10:01:
[...] when firefox trips
over a cert, it could show something like that.
| There is a problem with this cert!
|
| ==> *The cert was not issued by a known CA*<==
| The cert has expired or is not yet valid
| [...]
...
* if you show a selection of items, then the user tends to read the
actual selection, read some of the others, and then think about what
that means.[...]
I'm not convinced still that « not issued by a known CA » would mean
anything for Joe Shmoe. And that's the target we should aim for.
I don't disagree; my words above were definitely edited for brevity and
understanding by this audience, not the end-user.
How we convey that meaning to the end-user who does not understand what
it means is a big problem, yes. It's a big challenge for Mozilla. My
view is that eventually Mozilla has to do that, whether it does it this
year, or in 10 years, it will eventually have to convey that info to the
user who right now doesn't really want to know about it.
Don't take it wrong. I'm strongly in favor of bringing information, but
finding what information will be actually useful is *hard*.
Oh, yes. That's why I *strongly and vociferously* support the
experiments that have been conducted by Johnathan and in the past, Gerv,
in order to search for the way that works with users. Only by a mix of
careful thought and rough & tumble in the userspace will we find the path.
Maybe the best is a link to an on-line help resource that will help Joe
Shmoe understand that a CAcert issued cert on a Debian resource site is
not a big deal, but that this self-signed cert on a home equity loan
site that asks him his bank account info *is*.
Certainly, we can outsource the tricky bits to a web page.
(In my mind, I see the real end-users not clicking on that, but clicking
over to their voice-chat program, and getting their pet techie on the
line. "Hey, bro, what's the difference between CA-not-trusted and
you-can't-rely-on-self-signed? what's this mumbo jumbo that Firefox is
telling me?")
The best solution will still be, as much as possible, to not bring out
a warning if there's not actually an attack : "Don't cry wolf" !
Because of the Bayesian problem, I believe there is no way to avoid the
"don't cry wolf" dilemma. So, in essence, the path is to bring out the
info, and create some sort of shared approach between the user and
Firefox, working together.
Real security begins at the application and ends at the mind. Which is
to say, it is end-to-end, not discrete components. Which is another way
of saying, sooner or later, the user has to enter into the security system.
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto