[Standards-JIG] Re: The Great Encryption Debate

Hal Rottenberg halr9000 at gmail.com
Tue Aug 9 23:05:23 UTC 2005


On 8/9/05, Jacek Konieczny <jajcus at jajcus.net> wrote:
> On Tue, Aug 09, 2005 at 02:46:08AM +0100, Ian Paterson wrote:
> > Especially since, to gain Aunt Tillie's acceptance, the default mode
> > needs to be 100% transparent for her (like https:).
> 
> But what security does https: give to Aunt Tillie? She usually will type
> an http:// address anyway and will only be redirected to https://. She will
> not check if the address in the location bar is right, she will not
> check certificate details. IMHO talking about security for Aunt Tillie
> does not make much sense. IMHO it would be better to design things for a user
> a bit smarter than Aunt Tillie, the one who is able to get anything from
> any security features. And then we may try to make some of the features
> accessible to Aunt Tillie (making things less secure for her than for
> the primary target, of course).

You can ask to confirm fingerprints, but include the dreaded "don't
show me this dialog box ever again" checkbox.  It would suck
security-wise, but it's what Aunt Tillie wants.

-- 
Psi webmaster (http://psi-im.org)
im:hal at jabber.rocks.cc
http://halr9000.com


