Nils Maier wrote:
> Identity/Authentication/Authorization and a system of trust. Like
> digital signatures provide when used correctly. See RPM, DEB and signed
> XPIs, where latter lacks the system of trust ATM.
> But this is out of the scope of LF for now.

Exactly. And these things do not have LF's advantage of being simple to set up and entirely transparent to the user (both those with LF clients and those without). Solutions which solve the entire problem fully are not the only valid ones. To say so is to let the best be the enemy of the good.

>> What would an ordinary user possibly want to do with a trojaned
>> executable apart from delete it? Even giving them the option to do
>> something else is dangerous. They select it to delete it but
>> accidentally double-click instead of single-click and Boom!
>
> I don't know.

OK, then game over. Our security strategy is to _reduce_ the number of security decisions a user has to take. If your argument is "there might be a good reason they should have to make this decision, but I can't think of one" then that's nowhere near strong enough.

> I can access hosts with mismatched hostnames just fine (click-click).

Again, not soon.

> And, to repeat myself, changing that will cause a lot of trouble.
> E.g. it will prevent me from accessing parts of the website of my
> university. OK, the university webmasters messed up, but eventually it
> would be Firefox making me switch to another browser to access that
> website.

Or they'll fix it. Mismatched hostnames is a big deal - it basically means people can spoof your site. Teaching people to click through such dialogs is bad. If 20% of users suddenly can't access the site because of something that is clearly a misconfiguration (and the browser says "contact the site admin"), the admins will fix it. We have enough market share now to do that.

> Same with LF. If Firefox does not let me download because the webmaster
> messed up I will likely curse FX maybe curse the webmaster as well and
> switch to another browser which works like it should from my POV.

And get trojaned. Which is your problem, but you can't say we didn't warn you.

>> http://weblogs.mozillazine.org/gerv/archives/2007/06/choice_considered_harmful.html
>
> Seems your readers do not fully agree with you.

I didn't say they did. I quoted that URL to avoid having to repeat myself.

> PS: I still insist to not claim LF had something to do with security.
> They are solely about noticing possible data-corruption during transfers.

As I said on the blog, it's clear you and I have totally different ideas about what this is for. Thing is, I invented it - so I get to say what it's for. You can either say "It won't help with that problem", or you can say "Great idea, let's do it". But you can't say "Actually, it's for something else, so it should work this way" - because it's not for that something else. It's for what I say it's for, and stands or falls on those merits.

Gerv
