On 081018 at 20:30, Nelson B Bolyard wrote:
> FF3 had utterly failed to convey to her any understanding that she was
> under attack.  The mere fact that the browser provided a way to override
> the error was enough to convince her that the errors were not serious.

I find it amazing that someone shows this level of ignorance but then
manages to file a bugreport... :-)

> KCM would not have helped.  If anything, it would have reduced the pain
> of overriding those errors to the point where the victim would never have
> cried for help, and never would have learned of the attack to which she
> was a victim.

> The question is: how can FF3+ *effectively* protect users like her from
> MITM attackers better than FF3 has already done?

Personally, I like the idea of a 'safe mode' in the browser. Safe-mode
is very visible, provides limited scripting and https-only to a defined
set of sites. If mom wants to go banking, she's been told she has to
activate safe-mode. Otherwise banking is insecure.

It is some action that the user initiates, she tells the program when
some critical operation starts and ends. If she has to exit safe-mode
to go to a bank then that is a very obvious decision to test her luck.

> Is removal of the ability to override bad certs the ONLY effective
> protection for such users?

No. Vista/IE7 seems to ship with various scripting deactivated by
default. So what happens? The page worked before, now it doesn't.
Thats clearly a problem of the stupid new computer. So we ask the
neighbour's kid to solve this and everything 'works'...

I do though would like some sane alternative for people who are aware
of the certificate stuff. The possibility to chose Yes/No/Ignore with
one click and to optionally display certiciate details plus KCM info
instead of a verbose warning.

dev-tech-crypto mailing list

Reply via email to