'bare minimum' ... your thinking is possibly influenced by the popup experiences of the past. Which were of course pushed into the direction of "less is better."
Not really. It seems fairly self-evident to me that the more security UI there is, the more likely users are to ignore it.
Taking it to the extreme demonstrates the point: if users have to look for a lock, check a domain name, make an assessment of their trust value in a symbol, confirm a checksum, make sure that a colour is the same, and whistle Dixie every time they make a secure connection, then they aren't going to bother with any of it.
The key is to allow them to establish as good a confirmation of the security of the connection as possible, with the minimum of mental effort. This is why some sort of logo-based trust assessment is never going to work.
"Whose logo is that? Have I seen it somewhere before? Is it that one that someone told me was dodgy? If it is, does it matter? If I've never seen it before, what do I do? I want to shop here anyway... Is it really going to matter?"
Far, far too much mental effort.
One way to consider it is more like the new Flash bar that pops into play whenever I hit a Flash site. It's a funny colour, but it's not a popup and I don't need to pay attention to it. My mind has already absorbed that information and knows to just ignore it and carry on browsing.
So you want the security information we present to be ignored like the Flash bar?
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
