Gervase Markham wrote:
Ian G wrote:

I'm not sure what your objection to brand is?


You continue to assert that I "object to brand". I'm well aware of the power of branding in people's lives; I'm also aware that very often brand perception doesn't match reality, that branding favours those with large marketing budgets.

OK, but those are only objections to branding if you can suggest a better way... No system is perfect, all systems have flaws. The flaws in the current system - security that is so trivial to bypass that phishers don't even use SSL in their phishing - would seem to be improved by using branding. If the branding is only available for HTTPS then that should help.

Several people on the list have commented that Verisign have not behaved well as a CA. Regardless of the truth of those claims, I assert that if CAs were strongly branded in the browser UI, and someone did a survey, Verisign would be the brand with the highest level of trust, because they have the marketing dollars to send that message.

Possibly. What would be more likely is that when Verisign mucks up, then it would hurt their brand.

Now, when Verisign mucks up, they can get away with
it because their brand is not tied to the product.
There is literally no feedback mechanism from Verisign's
actions to their customers to their brand.  Until that
changes, until the brand of the signer is linked in
the user's mind, expect Verisign to act as a 'bad
corporate citizen' and expect their brand to be as
good as the amount of money they decide to pay for it.

The two aren't related, and in the current situation,
it is the case that Verisign continues to be allowed
to be a bad citizen behind the protective shield of
MF's brand.  If you don't like that, then change it:
fix it so the brand is linked in people's minds.

That's not my only objection, mind you - you can add that one to the previous ones I've outlined about user confusion when something changes.

Oh, sure. I think all these are fair negative points.

But, none of them seem to be that serious, compared
to phishing.  The average cost of a phishing hit is
somewhere around $5000.  It's generally well in excess
of $1000, and a lot of that cost is the "rebuild credit"
cost that people have to go through.  It can take a long
time and a lot of hassle.

So, when amazon forgets to tell their users that they
just switched CAs, I think that's a small thing to ask
that the users put up with that and learn about it, if
they are to avoid phishing.


Let me put it another way.  What would be
the damage of putting the brand of the CA
on the chrome?  What would be the hurt?

A loss of real estate?


That's one key factor. There's limited room in the status bar, and I want to try and restrict the security UI to that area to get a good balance between security needs and the needs of web apps. If there's other information we want to be displaying (the words "first visit" or "new site", for example).

Note that ideally our security UI would be fully visible on the smallest possible popup, which I believe is either 100 or 150px wide.


Well, putting the brand in the status bar would be
nice, good, an improvement.  But to be really effective
it has to be the visual / logo representation, because
we need customers to learn of its presence in a way
that words simply don't do as well.  Still, any work
towards that end is welcome.

If that's the only loss,


It's not. The other loss is in increased complexity. The longer a user has to consider the security UI, the less likely they are to bother to look at it at all.


Sure.  That's why we are suggesting brand and gfx.  It is
a compressed piece of information.  It's a logo sitting
on the chrome.  It takes milliseconds to process, the
brain is very good at dealing with simple brand pictures
that should be there.  This will be far easier than any
popup, and far easier to process than any status bar
thing.


I have to admit I really have a problem in
dealing with that, because phishing costs
a billion a year and rising.


That's a straw man - you're assuming that this will have an effect, and it would have a greater effect on phishing than other things we could do in that space.

Some limited research has been done on these matters directly in the browsing field, and it supports the use of logos and brand in a security setting. I'm also drawing from the last several decades of security and payments practice in hardware-based tokens (cards, etc.). Logos and brand form part of the trusted hardware security model.

So, yes, I can't predict the future.  But I'm not just
suggesting these things in a vacuum.

iang
--
News and views on what matters in finance+crypto:
        http://financialcryptography.com/