List: kde-devel
Subject: Re: ssl auth failure gui: does "continue" do what I think it does?
From: Nicholas Tung <gatoatigrado () gmail ! com>
Date: 2009-06-05 17:29:06
Message-ID: fa81b0d10906051029g6e40c3qe45ae83f3cfa3420 () mail ! gmail ! com
On Fri, Jun 5, 2009 at 04:55, Jeff Mitchell <mitchell@kde.org> wrote:
> Nicholas Tung wrote:
> > On Thu, Jun 4, 2009 at 23:56, Thiago Macieira <thiago@kde.org> wrote:
> >
> > Nicholas Tung wrote:
> > >Hi all,
> > >
> > > If the "continue" button on the attached GUI screenshot does what I
> > >think it does (submits information after a certificate failure), please
> > >remove the option, or make it *very* clear that this is not a good
> > > choice. Firefox, by contrast, has only a failure message and an "okay"
> > > button. [The gui came up for me because I connect via a wifi network
> > > that requires authentication, and it presents a redirect page for http
> > > and https].
> >
> > Firefox makes it very annoying to accept an invalid certificate. You have
> > to add an exception to the SSL rules and you need to fetch the certificate
> > first. That's after the failure message.
> >
> >
> > I would assume it's purposefully annoying, and I like it that way. One
> > click to give away information is not good, and I think invalid
> > certificates should be discouraged.
>
> Unfortunately, "invalid" is not up to the user to decide, it's whatever
> the web browser maker decides is "invalid". Self-signed certificates
> serve perfectly well for encryption, which is entirely suitable for many
> web sites where authentication of the site isn't important, only the
> encryption itself.

Exactly, you get encryption without authentication, which is useless for
security unless you've accepted it before via a secure connection to the
machine. In which case, see comment below...

> Not everyone wants to or can spend $$$ to encrypt
> personal web sites, or wants to be beholden to outside authorities. But
> these are treated as "invalid" with a big scary warning to users.

It's more like "$" instead of "$$$" for cheaper certificates, but this is a
separate discussion...

> For those that *are* savvy, Firefox went from one click to get past a
> self-signed cert to four. You may like that annoyance, but there are a
> large number of people (like myself) that don't, or would like the
> option to change that.

Yes, *but once you've confirmed it, it won't bother you about it*. How many
*new* unconfirmed sites do you come across for the four clicks to be an
annoyance?

And, if you consider "ssh" to be a "savvy user thing", then what do you say
about the "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!" when the
same situation occurs (i.e. the public key changes)?

I really hate for this to get into such an argument about self-signed
certificates. I think the more relevant discussion is that "continue" is a
phrase far too often used in wizard-like GUI's, and something like "confirm
security exception", or "accept permanently", "accept temporarily", or
"reject" (as with SSH) would be *much* more appropriate. Plus, a better icon
(oxygen's security-low.png -- the red shield with an "x") wouldn't make it
any slower for the savvy users (I get the feeling you're presuming I'm not
one...).

regards,
Nicholas
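
The SSH-style model argued for above (explicit "accept permanently", "accept temporarily" or "reject" on first contact, silence afterwards, refusal when the certificate changes), sketched as an added example that is not part of the original post or of KDE's code. `PinStore`, its method names, the host names and the byte strings standing in for certificates are assumptions made for illustration.

```python
import hashlib
import hmac
from enum import Enum

class Verdict(Enum):
    TRUSTED = "pin matches"
    UNKNOWN = "first contact, ask the user"
    CHANGED = "pin mismatch, refuse and warn"

class Choice(Enum):
    ACCEPT_PERMANENTLY = "accept permanently"
    ACCEPT_TEMPORARILY = "accept temporarily"
    REJECT = "reject"

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the certificate bytes as presented by the server."""
    return hashlib.sha256(der_cert).hexdigest()

class PinStore:
    """Hypothetical trust-on-first-use store keyed by host name."""
    def __init__(self):
        self.permanent = {}  # would be persisted to disk in a real client
        self.session = {}    # discarded when the application exits

    def check(self, host: str, der_cert: bytes) -> Verdict:
        pinned = self.permanent.get(host) or self.session.get(host)
        if pinned is None:
            return Verdict.UNKNOWN
        same = hmac.compare_digest(pinned, fingerprint(der_cert))
        return Verdict.TRUSTED if same else Verdict.CHANGED

    def decide(self, host: str, der_cert: bytes, choice: Choice) -> bool:
        """Apply an explicit user choice; True means the connection may proceed."""
        if choice is Choice.REJECT or self.check(host, der_cert) is Verdict.CHANGED:
            # A changed certificate is never overwritten by one click:
            # the old pin has to be removed deliberately with forget().
            return False
        store = self.permanent if choice is Choice.ACCEPT_PERMANENTLY else self.session
        store[host] = fingerprint(der_cert)
        return True

    def forget(self, host: str) -> None:
        self.permanent.pop(host, None)
        self.session.pop(host, None)

    def end_session(self) -> None:
        self.session.clear()

# Constructed sample data: arbitrary bytes standing in for DER certificates.
SELF_SIGNED = b"constructed-cert-original"
PORTAL_CERT = b"constructed-cert-from-wifi-redirect"
```

The wifi-portal case from the original report maps to `Verdict.CHANGED` for any host already pinned, which is the situation where a generic "continue" button is most dangerous.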