Gervase Markham wrote:
Ian G wrote:
Yes, I'd say that is the issue. Bear in mind that
this is *not* happening now as it is too easy to
attack without using SSL at all.
Indeed. There has to be a minimum level of user education - that's
unavoidable. What we are trying in Firefox is to get people to look at
the status bar. Currently, the UI to look at is the lock and the
domain name. In the future, there may need to be a little more, but we
should keep the amount to a bare minimum.
'bare minimum' ... your thinking is possibly influenced
by the popup experiences of the past. Which were of
course pushed into the direction of "less is better."
Consider logos. Consider pictures. And above all,
consider their presence as not being dominating like
a popup, but more like a banner add that users just
let the back of their minds absorb, and the front of
their minds ignore.
One way to consider it is more like the new Flash
bar that pops into play whenever I hit a Flash site.
It's a funny colour, but it's not a popup and I don't
need to pay attention to it. My mind has already
absorbed that information and knows to just ignore
it and carry on browsing.
So, if a Flash plugin can demand some real estate,
why can't an SSL connection?
iang
PS: I run FreeBSD, there is no Flash plugin or none
likely to work... But at least now I'm not slapped
around the face every time I hit a site that insists
on pumping Flash at me. Thanks guys!
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
