[Standards-JIG] Re: The Great Encryption Debate

David Waite dwaite at gmail.com
Tue Aug 9 21:25:32 UTC 2005


Of course you realize Auntie needs to not just see it is in gold, but
also look to see the address she is at corresponds to where she thinks
she needs to go. This means Aunt Tillie needs to understand DNS
addressing and basic formatting of URLs :P



On 8/9/05, Nolan Eakins <sneakin at semanticgap.com> wrote:
> Jacek Konieczny wrote:
> > On Tue, Aug 09, 2005 at 02:46:08AM +0100, Ian Paterson wrote:
> >
> >>Especially since, to gain Aunt Tillie's acceptance, the default mode
> >>needs to be 100% transparent for her (like https:).
> >
> >
> > But what security gives https: to Aunt Tillie? She usually will type
> > http:// address anyway and will be only redirected to https://. She will
> > not check if the address in the location bar is right, she will not
> > check certificate details. IMHO talking about security for Aunt Tillie
> > makes no much sense. IMHO it would be better to design things for a user
> > a bit smarter than Aunt Tillie, the one who is able to get anything from
> > any security features. And then we my try to make some of the features
> > accessible to Aunt Tillie (making things less secure for her than for
> > the primary target, of course).
> 
> The "http://" redirected to "https://" is correct, but Auntie will still
> check to see if the address bar is gold (in FF) or for a little lock in
> the status bar if she's read about how to protect herself online. With
> spyware and whatnot making the news I'm sure she has got a little
> paranoid herself.
>



More information about the Standards mailing list