On 10/4/07, C. Scott Ananian <[EMAIL PROTECTED]> wrote: > On 10/3/07, Albert Cahalan <[EMAIL PROTECTED]> wrote: > > The usual "secure site" icon and "bad certificate" warnings > > have lots of problems. > > Note that security in the browser has been *extensively* studied in > academia, and there are numerous suggestions for improvements in the > literature. > > We should *definitely* not try to design an improvements ourselves > without consulting the people who have studied this problem for a long > time.
Specificly about the UI, or just security in general? UI improvements will be a lot less invasive than major changes to the security model. Think of it as buying time for the major changes. XSS and similar can be defeated later. Holding up security-related UI improvements is no good. _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
