On 05/18/2010 05:54 PM, From johnjbarton:
> I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails.

That might be correct, however your assumption that this was the point of view at the beginning is entirely incorrect. You probably should go back some 10 to 15 years and remember what the implementation was back then... THAT was the starting point (of view).

> In fact, both the security system designer and the users are humans with entirely equivalent ability to make judgments.

...and both have learned to understand each other. Clearly the old-school design of an assumed user understanding entirely failed, and those hints in the form of non-intrusive padlocks and click-through warnings utterly failed to protect the average user.

> stupid users, they would pick dancing pigs because they are so stupid, while we, sage security folk, would know to pick security.

The only stupid one here is whoever calls users stupid in the first place. They are not, but neither are they trained PKI specialists, and most likely you aren't either.

> If users choose to disregard or subvert security systems, the problem is with the system.

If users really would disregard the current implementations of the browsers, why then is a certain group up in arms? Why are you opposing it if it's simply disregarded?

I suspect exactly because the average users aren't disregarding the security errors and it's a problem for those who want the "freedom" to use their home-grown weed. Except that security ends there.

--
Regards

Signer:  Eddy Nigg, StartCom Ltd.
XMPP:    start...@startcom.org
Blog:    http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
