On 5/18/2010 12:15 PM, Eddy Nigg wrote:
On 05/18/2010 09:44 PM, From johnjbarton:
....
The better model begins by abandoning the "security-vs-convenience"
mindset. Security should be about the maximum actual and effective
security experienced by users. Our reaction to users clicking through
the cert dialogs and being exposed to attack should be "we failed",
not "users have poor judgment".

I think I start to agree with you - so what is it that you are proposing?


1) A shift by the security experts on this newsgroup to view challenges to their approach as opportunities to improve security solutions, (concretely I object to being labeled on the "security-vs-convenience" line),

2) Openness and encouragement of better API and UI for Mozilla security solutions (concretely your fabulous resources are effectively out of reach for JS developers, it's a real shame)

3) Engagement with some of the research groups in usable security, (concretely, if you express willingness, I will encourage some to describe their projects here or in another forum if you prefer and would participate).

jjb
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
