On 21 Aug 2008, at 14:29, Peter Saint-Andre wrote:

Remko Tronçon wrote:
But Remko's right, if we require two passwords (one for Jabber, one for a private key) then a lot of people will just make them the same, completely defeating the point. I think we'll have this problem whether or not the private keys are stored on the server or locally.
Exactly, and I don't think we should care. It's impossible for someone
to have a secure communication if that person is not willing to read
and follow dialogs. It's our job to educate people the best that we
can (cfr. Firefox 3's error dialog on self-signed certificates,
Brendan's Gajim UI, ...), and if people still choose to ignore this,
that's their problem.
We should, however, never compromise security for people who *do*
care, so I'm not a fan of most of the 'aunt tilly' points in these
security threads (unless they are about *explaining* security in a
clear way to aunt tilly).

+1, well said!

Absolutely, and I want to stress the fact that good guidelines for developers will help here. It's easy to get lost and get confused. We need to make a generic set of guidelines on UI and configurations - so that we get a common terminology and a common user experience. Right now different pieces of software have different icons and use different words, so it's very hard for the average user to learn. And the basics are pretty basic:
- You have a confidential session for the whole conversation - point to point
- You have a confidential connection to your server
- The identity of the sender is confirmed
- The recipient confirmed delivery of your message

etc etc

I really think we can learn from some of the failures done in the years past with
secure mail and secure web transactions and try to create a better
user experience.

And if someone mentions "trust" we can throw the whole CA/PKI marketplace
at them and say: "There you go!" ;-)

/O
