On 5/18/2010 2:17 PM, Eddy Nigg wrote:
On 05/18/2010 10:37 PM, From johnjbarton:
2) Openness and encouragement of better API and UI for mozilla
security solutions (concretely your fabulous resources are effectively
out of reach for JS developers, it's a real shame)
...but I'm certain that con
On 05/18/2010 10:37 PM, From johnjbarton:
1) A shift by the security experts on this newsgroup to view
challenges to their approach as opportunities to improve security
solutions, (concretely I object to being labeled on the
"security-vs-convenience" line),
not sure if this isn't alre
On Tue, May 18, 2010 at 11:16 AM, Kathleen Wilson wrote:
>
> So, is it the case that PSM is not actually checking for 512-bit certs?
Yes, I confirm that's the case. Nelson and I didn't find the
code or the bug report for checking for 512-bit certs.
I just created a test server with a 512-bit RS
On 5/18/2010 12:15 PM, Eddy Nigg wrote:
On 05/18/2010 09:44 PM, From johnjbarton:
The better model begins by abandoning the "security-vs-convenience"
mindset. Security should be about the maximum actually and effective
security experienced by users. Our reaction to users clicking through
t
On 5/18/2010 1:44 PM, johnjbarton wrote:
>
> The designer here is asserting a false, one-dimensional design space and
> insisting that users make a choice along this false dimension.
Yep.
But be a little sympathetic. We all have models of reality that are
insufficiently dimensional.
> As long a
On 05/18/2010 09:44 PM, From johnjbarton:
The designer here is asserting a false, one-dimensional design space
and insisting that users make a choice along this false dimension.
Actually the user doesn't have to make a choice I think. It's either
working or it doesn't. All the rest is a work-a
On 05/18/2010 05:54 PM, From johnjbarton:
I mean that starting a design from the point of view that the users
have faulty judgment will almost certainly lead to software that fails.
That might be correct, however your assumption that this was the point
of view at the beginning is entirely inco
On 5/18/2010 9:08 AM, Marsh Ray wrote:
On 5/18/2010 9:54 AM, johnjbarton wrote:
I mean that starting a design from the point of view that the users have
faulty judgment will almost certainly lead to software that fails.
The judgment starts when the user chooses the app. In effect the
designer
On 5/15/10 10:48 AM, Nelson B Bolyard wrote:
On 2010-05-15 01:35 PDT, Wan-Teh Chang wrote:
On Fri, May 14, 2010 at 11:18 PM, Nelson B Bolyard wrote:
I looked through PSM for such a warning briefly. I found a warning for
sites that use symmetric encryption of strength <= 90 bits, but I found
no
On 5/18/2010 9:54 AM, johnjbarton wrote:
>
> I mean that starting a design from the point of view that the users have
> faulty judgment will almost certainly lead to software that fails.
The judgment starts when the user chooses the app. In effect the
designer is saying "The user, by selecting my
On 5/18/2010 4:44 AM, Gervase Markham wrote:
On 18/05/10 05:20, johnjbarton wrote:
Many of our potential users are inexperienced computer users, who do not
understand the risks involved in using interactive Web content. This
means we must rely on the user's judgement as little as possible. As
Ed
On 05/18/2010 02:48 PM, From Gervase Markham:
On 17/05/10 23:16, Robert Relyea wrote:
A more telling quote is:
"For example, much of the
advice concerning passwords is outdated and does little
to address actual threats, and fully 100% of certificate
error warnings appear to be fa
On 17/05/10 23:16, Robert Relyea wrote:
A more telling quote is:
"For example, much of the
advice concerning passwords is outdated and does little
to address actual threats, and fully 100% of certificate
error warnings appear to be false positives."
Although he now admits that l
On 18/05/10 05:20, johnjbarton wrote:
Many of our potential users are inexperienced computer users, who do not
understand the risks involved in using interactive Web content. This
means we must rely on the user's judgement as little as possible. As
Edward Felten says, "given the choice between da
14 matches