Xplo Eristotle wrote:
> Ian McGreer wrote:
>
>> I'm sorry, but I feel that I'm missing the motivation for this thread.
>> I have been using Mozilla with PSM2 for a couple weeks now, and I am
>> able to use secure sites found during general web browsing with a
>> minimal amount of UI.
>
>
> As it *should* be, Ian. But see, now I have Ben here telling me that I'm
> not competent to do this, because I have to understand certification and
> how SSL works and so forth. Frankly, I think that you're right and he's
> wrong,
I don't think Ben and I are saying different things. Ben points out
cases where we do need additional UI and asks how we should handle
those. What if the server supports different ciphers than your client?
What if you don't have the CA cert that signed the server cert? These
are problems that require a decision from the user, and I agree we need
to show these notifications with as little UI as possible, but with a
sufficient amount of explanation. For example, as Ben mentioned, to
fully understand the last warning the user would need to understand (be
informed about, if neccessary) certificate trust and what it implies.
My point was simply that PSM does not interfere with ordinary web
browsing by tossing a bunch of confusing UI. If you do need to do
something out-of-the-ordinary, you're going to have to deal with some UI.
-Ian
