Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Gervase Markham
On 18/05/10 05:20, johnjbarton wrote: Many of our potential users are inexperienced computer users, who do not understand the risks involved in using interactive Web content. This means we must rely on the user's judgement as little as possible. As Edward Felten says, given the choice between

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Gervase Markham
On 17/05/10 23:16, Robert Relyea wrote: A more telling quote is: For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be false positives. Although he now admits that

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Eddy Nigg
On 05/18/2010 02:48 PM, From Gervase Markham: On 17/05/10 23:16, Robert Relyea wrote: A more telling quote is: For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread johnjbarton
On 5/18/2010 4:44 AM, Gervase Markham wrote: On 18/05/10 05:20, johnjbarton wrote: Many of our potential users are inexperienced computer users, who do not understand the risks involved in using interactive Web content. This means we must rely on the user's judgement as little as possible. As

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Marsh Ray
On 5/18/2010 9:54 AM, johnjbarton wrote: I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails. The judgment starts when the user chooses the app. In effect the designer is saying The user, by selecting my

Re: NSS Environment Variable to Disable 1024-bit Support?

2010-05-18 Thread Kathleen Wilson
On 5/15/10 10:48 AM, Nelson B Bolyard wrote: On 2010-05-15 01:35 PDT, Wan-Teh Chang wrote: On Fri, May 14, 2010 at 11:18 PM, Nelson B Bolyard <nel...@bolyard.me> wrote: I looked through PSM for such a warning briefly. I found a warning for sites that use symmetric encryption of strength <= 90

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread johnjbarton
On 5/18/2010 9:08 AM, Marsh Ray wrote: On 5/18/2010 9:54 AM, johnjbarton wrote: I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails. The judgment starts when the user chooses the app. In effect the

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Eddy Nigg
On 05/18/2010 05:54 PM, From johnjbarton: I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails. That might be correct, however your assumption that this was the point of view at the beginning is entirely

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Eddy Nigg
On 05/18/2010 09:44 PM, From johnjbarton: The designer here is asserting a false, one-dimensional design space and insisting that users make a choice along this false dimension. Actually the user doesn't have to make a choice I think. It's either working or it doesn't. All the rest is a

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Marsh Ray
On 5/18/2010 1:44 PM, johnjbarton wrote: The designer here is asserting a false, one-dimensional design space and insisting that users make a choice along this false dimension. Yep. But be a little sympathetic. We all have models of reality that are insufficiently dimensional. As long as

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread johnjbarton
On 5/18/2010 12:15 PM, Eddy Nigg wrote: On 05/18/2010 09:44 PM, From johnjbarton: The better model begins by abandoning the security-vs-convenience mindset. Security should be about the maximum actually and effective security experienced by users. Our reaction to users clicking through

Re: NSS Environment Variable to Disable 1024-bit Support?

2010-05-18 Thread Wan-Teh Chang
On Tue, May 18, 2010 at 11:16 AM, Kathleen Wilson <kathleen95...@yahoo.com> wrote: So, is it the case that PSM is not actually checking for 512-bit certs? Yes, I confirm that's the case. Nelson and I didn't find the code or the bug report for checking for 512-bit certs. I just created a test
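The NSS thread above turns on a check PSM was found not to perform: rejecting certificate chains whose RSA keys are too small (512 bits, and by policy 1024 bits). The following is an added illustration of such a minimum-key-size policy, written for this listing; it is not NSS, PSM or Firefox code and uses none of their APIs. The `KeyPolicy` type, `CheckChainKeySizes` function and the `fakeRSACert`/`fakeECCert` helpers are all assumed names. The helpers build certificate objects whose public keys have a chosen bit length directly from a synthetic modulus, so no real keys are generated, no signatures are produced and nothing touches the network; real use would pass the chain obtained from a TLS handshake.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// KeyPolicy is the minimum public-key size accepted anywhere in a chain.
// 1024 bits is the floor the thread discusses; 512-bit keys are far below it.
type KeyPolicy struct {
	MinRSABits int // RSA modulus length in bits
	MinECBits  int // curve field size in bits
}

// WeakKeyError identifies which certificate in the chain failed the policy.
type WeakKeyError struct {
	Index   int    // position in the chain, 0 = leaf
	Subject string // subject common name
	Alg     string // "RSA" or "EC"
	Bits    int    // key size found
	Min     int    // key size required
}

func (e *WeakKeyError) Error() string {
	return fmt.Sprintf("cert %d (%s): %s key is %d bits, policy requires at least %d",
		e.Index, e.Subject, e.Alg, e.Bits, e.Min)
}

// CheckChainKeySizes walks the whole chain (leaf first, then issuers) and
// returns an error for the first certificate whose public key is below the
// policy minimum. Every certificate is checked, not just the leaf, because a
// weak intermediate or root key compromises everything it signs.
func CheckChainKeySizes(chain []*x509.Certificate, p KeyPolicy) error {
	for i, c := range chain {
		cn := c.Subject.CommonName
		switch k := c.PublicKey.(type) {
		case *rsa.PublicKey:
			if bits := k.N.BitLen(); bits < p.MinRSABits {
				return &WeakKeyError{i, cn, "RSA", bits, p.MinRSABits}
			}
		case *ecdsa.PublicKey:
			if bits := k.Curve.Params().BitSize; bits < p.MinECBits {
				return &WeakKeyError{i, cn, "EC", bits, p.MinECBits}
			}
		default:
			// Refuse rather than silently accept an algorithm the policy does not cover.
			return fmt.Errorf("cert %d (%s): unsupported public key type %T", i, cn, c.PublicKey)
		}
	}
	return nil
}

// fakeRSACert builds a certificate object carrying an RSA public key whose
// modulus has exactly `bits` bits (2^(bits-1)+1). It is test scaffolding for
// this example, not a usable key, and the certificate is unsigned.
func fakeRSACert(cn string, bits int) *x509.Certificate {
	n := new(big.Int).Lsh(big.NewInt(1), uint(bits-1))
	n.SetBit(n, 0, 1)
	return &x509.Certificate{
		Subject:   pkix.Name{CommonName: cn},
		PublicKey: &rsa.PublicKey{N: n, E: 65537},
	}
}

// fakeECCert builds a certificate object carrying an ECDSA public key on the
// given curve; only the curve size matters to the check.
func fakeECCert(cn string, curve elliptic.Curve) *x509.Certificate {
	return &x509.Certificate{
		Subject:   pkix.Name{CommonName: cn},
		PublicKey: &ecdsa.PublicKey{Curve: curve},
	}
}

func main() {
	policy := KeyPolicy{MinRSABits: 1024, MinECBits: 256}
	chains := map[string][]*x509.Certificate{
		"2048-bit leaf, 2048-bit CA": {fakeRSACert("leaf", 2048), fakeRSACert("ca", 2048)},
		"2048-bit leaf, 512-bit CA":  {fakeRSACert("leaf", 2048), fakeRSACert("ca", 512)},
		"P-224 leaf, 2048-bit CA":    {fakeECCert("leaf", elliptic.P224()), fakeRSACert("ca", 2048)},
	}
	for name, chain := range chains {
		if err := CheckChainKeySizes(chain, policy); err != nil {
			fmt.Printf("%-28s REJECT: %v\n", name, err)
		} else {
			fmt.Printf("%-28s accept\n", name)
		}
	}
}
```

The check is deliberately a hard failure rather than a warning dialog: the Herley thread running alongside this one is about users clicking through warnings they cannot evaluate, and a key-size floor is exactly the kind of decision that belongs in policy, not in a prompt.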

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Eddy Nigg
On 05/18/2010 10:37 PM, From johnjbarton: 1) A shift by the security experts on this newsgroup to view challenges to their approach as opportunities to improve security solutions, (concretely I object to being a labeled on the security-vs-convenience line), not sure if this isn't

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread johnjbarton
On 5/18/2010 2:17 PM, Eddy Nigg wrote: On 05/18/2010 10:37 PM, From johnjbarton: 2) Openness and encouragement of better API and UI for mozilla security solutions (concretely your fabulous resources are effectively out of reach for JS developers, it's a real shame) ...but I'm certain that