CarlosRivera wrote:
If folks don't know to look and demand https in sensitive situations, then it is unlikely that the browser can help those folks much in this regard. I know that there are dialogs boxes that popup asking are you sure you want to submit form data over a non-secure channel (or something similar). I would imagine that most people choose the I know what I am doing, don't bother me about this again button. Perhaps this dialog box keeps bugging folks and the only way to turn it off is via about:config. If they are smart enough to figure out about:config setting, then hopefully they should be smart enough to know to look for https.
<snip/>
...The emphasis these days is on non-popup and non-offensive
security advisories. Something like the new Firefox bars that slot down the bottom or top when a new plugin is required:
they are perfect.
If these new bars slotted in, saying something like "new SSL site, do you trust this one?" then the user can keep browsing leaving the bar untouched, can delete the bar, or can enter the 'trust' information. Without having to feel beset upon by the gremlins of popups.
Hm, but a Browser Info Message cannot be used, because it will be overwritten when a popup is blocked!
/HJ _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
