On 02/24/2009 01:47 PM, Ian G:
Right. This can also be seen as evidence that secure browsing has not protected the users, because it was so easily bypassed.
Or....the price to stage an attack using SSL is still considered too high. It's rather a point for SSL than against IMO.
If the security is "too hard to use" and therefore delivers less security, we should be making security easier to use.
Where do you see the problem exactly? Is it hard for a user browsing to a web site when in SSL mode? I guess not...
...better indicators when submitting information via pain text should always prompt (that's a settings I have at my browser and it's astonishing how many times I must confirm or deny the information to go through). Negative indicators whenever a user interaction happens in plain should be made more clear, certainly when the password field type is used in a form, but not only.)
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
