So what this suggests is a principle of the warning dialog being dominating. That is, if the user clicks through any warning dialog then there is no more protection.
Defence in depth is not employed. OK, that would be useful if there were a compelling reason here. I would be uncomfortable with that as a principle, as it would lead to a fairly clear line of attack.
That's a fair point. I'm certainly not arguing we shouldn't do better if we can. And I think, given the discussion we have just had, we probably could.
Are there any other options other than * and |? Which standard covers such things?
On another front, did you see today's blog posting about HCI/usability/KDE?
No... whose blog? When asking such questions, including a link is often helpful ;-)
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
