On 2010-06-04 19:21 PDT, TEO Tse Chin wrote:

> I encountered an expired cert for an IMAP (STARTTLS) server from an
> ISP.  While I've followed up with the ISP about the expired cert,
> there was something about Thunderbird's behavior that caught my
> attention.
> 
> In the "Add Security Exception" dialog box, the checkbox for
> "Permanently store this exception" was checked by default.  Given
> users' tendency to click-through security warnings, would it not
> perhaps be better for that box to be UNchecked by default?

No.  This was deliberate.  Users' tendency to click through without reading
the warning/error first is a direct function of the frequency with which the
user experiences the error.  It's that frequency that is the enemy.
The idea is that the way to get users to pay attention to errors is to make
them infrequent.  Showing the user the SAME error over and over is the worst
thing to do in terms of conditioning him to ignore all similar errors.

So, we did what we could to minimize the frequency.

> That way they'll get a warning each time, and more likely to go bug
> their service provider to keep their certs up to date.

Actually, they're more likely to ignore it.

> Tse Chin
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
