On Mon, Aug 02, 2010 at 11:29:32AM -0400, Adam Fields wrote:
> On Sat, Jul 31, 2010 at 12:32:39PM -0400, Perry E. Metzger wrote:
> [...]
> > 3 Any security system that demands that users be "educated",
> > i.e. which requires that users make complicated security decisions
> > during the course of routine work, is doomed to fail.
> [...]
>
> I would amend this to say "which requires that users make _any_
> security decisions".
>
> It's useful to have users confirm their intentions, or notify the user
> that a potentially dangerous action is being taken. It is not useful
> to ask them to know (or more likely guess, or even more likely ignore)
> whether any particular action will be harmful or not.

But users have to help you establish the context. Have you ever been
prompted about invalid certs when navigating to pages where you
couldn't have cared less about the server's ID? On the web, when does
security matter? When you fill in a field on a form? Maybe you're
just submitting an anonymous comment somewhere. But certainly not just
when making payments.

I believe the user has to be involved somewhat. The decisions the user
has to make need to be simple, real simple (e.g., never about whether
to accept a defective cert). But you can't treat the user as a total
ignoramus unless you're also willing to severely constrain what the
user can do (so that you can then assume that everything the user is
doing requires, say, mutual authentication with peer servers).

Nico
--

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com