Steven Bellovin <s...@cs.columbia.edu> writes: >Peter, I'm not sure what you mean by "good enough to satisfy security geeks" >vs. "good enough for most purposes". I'm not looking for theoretically good >enough, for any value of "theory"; my metric -- as a card-carrying security >geek -- is precisely "good enough for most purposes".
Here's a real-world example of the problem I was referring to, from a discussion with some browser developers. We were going over the above issue - how to use the results of usability studies to improve the browser security UI - and I asked why, if they were aware of this work, no-one had done anything with it. The response was that "if we implement this then attackers will use XUL to spoof it, and because of that it's not even worth trying". In other words because a hypoethetical weakness existed, it wasn't even worth attempting to improve anything. Instead of trying to help at least some of the people some of the time, it was better to leave everyone unprotected all of the time. >Given the failure of all previous attempts -- who, amongst the proponents of >EV certificates, realized that attackers could and would use all-green >favicon.ico files to fool users -- I think the burden of proof is on the >proponents. But the problem with these approaches is that they're pretty much all just random tweaking of the same thing, aimlessly rearranging the UI elements in the hope that eventually something will work after (as you point out) the twenty more or less identical previous attempts have failed. For example the Firefox password-entry mechanism (a generic popup dialog with a gibberish title) hasn't changed in at least ten years (possibly even longer, I can't remember what the Netscape 2.0 one looked like any more), all that's changed is that every major release a few new bits of flair get added to the browser chrome. The "previous attempts" aren't lots of different approaches, it's the same failed approach tried over and over and over again, with slight variations over time in the hope that one of them might work. What I was advocating was trying new approaches based on ideas from UI research, not just fiddling with the chrome in the hope that this time it'll finally start working. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com