[Standards-JIG] proto-JEP: Best Practices to Prevent Phishing Attacks on the Jabber/XMPP Network

Andreas van Cranenburgh andreas at unstable.nl
Thu Nov 17 12:14:16 UTC 2005


On Thu, Nov 17, 2005 at 11:23:07AM +0100, Tomasz Sterna wrote:
> 2005/11/17, Andreas van Cranenburgh <andreas at unstable.nl>:
> > Don't know for sure, but IIRC there have been studies which say that
> > monospace is also /generally/ easier to read.
> 
> That's not the case of character width, but character spacing.
> You need to have consistent spacing between characters for text to be
> easy to read.
> There are character sets naturally same-width: kana, Hebrew, but I
> personally feel that Courier like fonts are forcing our characters to
> same width. A good attempt, but always...

Yeah good points. Maybe it's just the fault of the western alphabet then?

	Either way, with the right font a warning shouldn't ever be
necessary.  God, let's be easy with security warnings, I already have
such a hard time telling people they SHOULD accept unstable.nl's
certificate the first time, but SHOULD distrust it the second time. Esp.
because in the end they could ask "ok, but why?" and then you have
wasted your time again :) (installing CAcert is the fix, but I guess I
won't go further than putting that on the site...).

Summary: Every extra security warning distracts the user from
	the real problem(s) (be it security or just your *work* ).

Let the computer figure out what to do, that's what we have them for,
right? Oh well; must be my AI-mindset (studies).

I would like to see such a thought reflected in this particular JEP,
call it the Apple/GNOME way of doing things, or maybe better: Human
Interface-respecting, etc.

> > So eh, the point: let's use monospace for all fingerprints (hashes) and
> > domain names; i.e. security-sensitive stuff. Reasonable?
> 
> Apple does that for all input fields on all MacOSes. :-)

<offtopic>
	Heh, don't get me started. Ever since I first laid hands on an
	Apple the other day, I've been sold. More the hardware than the
	software; since I do stick to my Free Software ideas -- though,
	I've been missing the "zoom-out-and-select-window" feature like
	crazy! Too lazy to go and find it, Ubuntu should have it in its
	default install or I won't have it :P
	Too bad I simply don't have that kind of money, for their
	"overpriced" hardware...
</offtopic>
-- 
        Andreas        [ http://unstable.nl | xmpp:andreas at unstable.nl ]
                       [  callto:ils.seconix.com/andreas at unstable.nl   ]