On 18/05/10 15:54, johnjbarton wrote:
> I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails.

If users did not have faulty judgement, and always made correct security decisions, then there would be no phishing.

> It positions the designer as a superior being and the users as cattle to be herded in directions deemed important by the designer.

Not at all. Saying that someone is wrong is not a statement about their personal worth.

> In fact, both the security system designer and the users are humans with entirely equivalent ability to make judgments.

An equivalent ability to make judgements, or an equivalent ability to make _right_ judgements about computer security (which is the point at issue)?
Gerv

