Jean-Marc Desperrier wrote, On 2008-10-20 01:50:

> As has *already* been reported on this group, *many*, *many*, *many* 
> users did not fill a bug report until now and switched browser instead.

OK.  So, many users who have been MITM attacked chose to defeat their
protections, and switch to a product with less security.  Shall I weep?

They choose to make themselves vulnerable to their attackers.
Shall I regret that they were less vulnerable with my product?

They switch products, and they suffer consequences.  Does that mean that
we should strive to ensure that they suffer those consequences with our
product also?

If I were a maker of locks, or a bank executive, and people began to
reveal that they switched from my locks/vaults to the competition,
and then were robbed blind, would I be incented to lessen my security?

Should I say "Oh, come back to my bank!  We've made it easier for robbers
here, too!"  ??

> You have found the very single user knowledgeable enough to fill a bug 
> report instead of switching browser. The mozilla community absolutly 
> *needs* to understand this is *not* the standard behaviour until now. 
> The standard behaviour of users has always been to switch browser and 
> not report anything.

Yes, and apparently, you think we should change Firefox so that not even
this user would detect or report her attack.
dev-tech-crypto mailing list

Reply via email to