On Mon, Nov 2, 2009 at 11:23 AM, Mike Hearn <mh.in.engl...@gmail.com> wrote: > I'm concerned about the way Chromium displays SSL security indicators, > which this blog post reminded me about: > > http://chrome.blogspot.com/2009/10/are-you-seeing-red.html > > There have been a few studies of SSL usability and the conclusions are > that Chrome-style UI does not work. For example see Dhamija, Tygar and > Hearst: > > http://portal.acm.org/citation.cfm?id=1124861
I agree that our certificate error UI can be improved. If you have concrete suggestions, the best way to make your case is to write an academic paper and conduct a user study that shows how the new UI out-performs the current UI. Failing that, putting together a nice set of mocks and a coherent argument are good ways to make your case. One thing that we are doing in Chrome 4 is implementing Strict Transport Security, which is a security feature that lets high-security sites opt out of these error pages: http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html Adam --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
