On Sat, 18 Jun 2005, Heikki Toivonen wrote: > Ka-Ping Yee wrote: > > 1. We want an antiphishing tool that does not transmit a record > > of the user's browsing activity. > Good. > > > 2. We want an antiphishing tool that occupies modest or minimal > > screen space. > Good. > > > 3. We want an antiphishing tool that is deployable without > > requiring major changes to server security infrastructure. > Any short term solution will have a requirement that says: no server > changes required. Long term everything is possible, but the less changes > the better, of course.
Right. Let's say "minimal or no changes" for now, then. If a solution does demand major changes, we're unlikely to ever get those changes to happen unless we can get it off the ground with minimal or no changes (chicken-and-egg problem). > I think a fourth point is required as well: > > 4. No (or minimal) input from user. [...] > And perhaps another point should be explicitly mentioned: > > 5. Easy to use. It seems that condition 4 can be subsumed by condition 5 -- that is, if "no user input" really is an important requirement, then it is part of "easy to use". Is that a reasonable way of looking at it? For example, if usability studies show that a given antiphishing tool is usable and effective, would you be willing to set aside condition 4 and accept that result? -- ?!ng _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security