I have some comments about this request, but I'm not sure inside the bug
is the best place. Anyway the bug is about implementing some things that
have been discussed here recently.
I'm not convinced by the "let's add another warning" side of this bug.
Especially when I see the reporter suggesting to put it inside a pop-up
dialog.
Dialog have proven until now they don't work, so why would this one by
any different ?
It works well for SSH, because you decide what machine you connect too,
and you keep connecting to the same set of machines, so when that dialog
pops up, it rings a bell. Also the population of SSH users is *not*
*exactly* the general population.
Now the problem about SSL is that in most cases, you don't choose where
you do an ssl connection, when you want to buy something, it's the
sellers who chooses the secure site, same for entering password, etc...
So in that case, when the seller tells you "go to that site for the
transaction", what use will be the warning ? Users will get used to
seeing regularly that annoying warning, and to click through it or
ignore it.
Sometimes they will click on a link expecting that link to lead to a
site they trust because they know it well, and there it's important to
have the message, but how does the browser know *when* that happens ?
Because if it outputs this warning too often, people will stop reacting
to it.
And will the average user react appropriately ? : "Why the hell is
Firefox telling me it's the first time I go to ebay.com, they really
have a bug !"
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
- Re: about bug 286107 : Remember visited SSL details a... Jean-Marc Desperrier
- Re: about bug 286107 : Remember visited SSL deta... Gervase Markham
- Re: about bug 286107 : Remember visited SSL deta... Jean-Marc Desperrier
- Re: about bug 286107 : Remember visited SSL deta... Heikki Toivonen
- Re: about bug 286107 : Remember visited SSL deta... Ram A M