Peng wrote:
That may instead annoy them sufficiently that they switch back to IE, if
they need to visit the site a lot. Personally, I didn't used to think
to contact a website if there was a problem. I just ignored it or went
to another website or spoofed my user agent or something.
Putting up a number in the status bar should be sufficient.
If you want to go over the top and actually warn the user
that 40 bit crypto is less than optimal, then put up one
of those red bars with the little X on it. Popups should
only be used for things that demand attention, and 40 bits
is 40 bits better than 0 bits, so no attention is needed
for infinitely preferable security.
(OTOH, something like SSLv2 v. SSLv3/TLSv1 is stopping
people elsewhere using crypto. Stopping people using
crypto should be a hanging offence. Come the revolution,
they will be the first against the wall...)
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
