On Sat, Jul 31, 2010 at 12:32:39PM -0400, Perry E. Metzger wrote:
> 3 Any security system that demands that users be "educated",
>   i.e. which requires that users make complicated security decisions
>   during the course of routine work, is doomed to fail.

I would amend this to say "which requires that users make _any_
security decisions".

It's useful to have users confirm their intentions, or notify the user
that a potentially dangerous action is being taken. It is not useful
to ask them to know (or more likely guess, or even more likely ignore)
whether any particular action will be harmful or not.

                                - Adam

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com