List: kde-devel
Subject: Re: ssl auth failure gui: does "continue" do what I think it does?
From: Thiago Macieira <thiago () kde ! org>
Date: 2009-06-09 17:12:23
Message-ID: 200906091912.29362.thiago () kde ! org
Jeff Mitchell wrote:
>The majority of self-signed certs I've encountered fit nicely into the
>"don't care" category, and this may be the case for many other web
>citizens. So my point was, the revamped text of the dialog box,
>whatever it is, should be informative, not paranoid. It should describe
>what the problem is (e.g. "The certificate for this web site has not
>been verified by a trusted third party. Data you see or submit may not
>come from the site you believe it is coming from.") with sane options
>for the buttons (not just "continue" which has been demonstrated to be
>vague).
>
>It should avoid the supremely annoying four clicks Firefox now requires
>(two is plenty -- what do you want to do, and are you sure?) and it
>should work with keyboard shortcuts. And it should avoid the temptation
>to be (drama warning) e.g. "zOMG someone is doing something *bad* on
>this web site, you should really leave!!1!" Because such an
>ultra-paranoid message is likely to be both untrue (they're probably
>just cheap, not doing something bad) and misleading (it might be
>perfectly safe to stay, as long as you understand the risks).

I would prefer the paranoid Firefox way in all web browsers. Then users
complained to the websites -- or the webmasters noticed the problem -- and
someone fixed the issue.

But I agree with you that we can do this with two clicks, a nasty error
message and forcing the user to review the certificate. Like:

"The website you're trying to connect to is using a certificate that
contains errors:"
"The certificate has expired"
"The certificate is not signed by a trusted source"
"The certificate is self-signed"
"The certificate is not issued to this server"
etc.

"Review certificate and continue" "Cancel"

Then show the certificate and ask:

"Ignore errors temporarily"
"Always ignore these errors for this certificate"
"Cancel"

Maybe the first message could be shown in a webpage just like Firefox and
now Konqueror errors. But the ability to show it in a dialog is necessary
because of other SSL connections (like IMAP).
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
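
The two "ignore" choices in the message above, as an added example that is not part of the original message or of KDE's code: a store that remembers accepted errors per certificate, so a new error or a different certificate prompts again. The class and method names, the host names, and the choice to key on host plus SHA-256 of the certificate are assumptions.

```python
import hashlib
from enum import Enum

class CertError(Enum):
    EXPIRED = "The certificate has expired"
    UNTRUSTED = "The certificate is not signed by a trusted source"
    SELF_SIGNED = "The certificate is self-signed"
    HOST_MISMATCH = "The certificate is not issued to this server"

class ExceptionStore:
    """Hypothetical store for the user's "ignore" choices."""

    def __init__(self):
        self.session = {}    # "Ignore errors temporarily"
        self.permanent = {}  # "Always ignore these errors for this certificate"

    @staticmethod
    def _key(host, cert_der):
        # Assumption: bind the choice to host plus SHA-256 of the certificate
        # bytes, so a different certificate on the same host prompts again.
        return (host.lower(), hashlib.sha256(cert_der).hexdigest())

    def remember(self, host, cert_der, errors, always):
        target = self.permanent if always else self.session
        key = self._key(host, cert_der)
        target[key] = target.get(key, frozenset()) | frozenset(errors)

    def end_session(self):
        self.session.clear()

    def pending(self, host, cert_der, errors):
        """Errors the user has not accepted yet; empty means connect silently."""
        key = self._key(host, cert_der)
        accepted = self.permanent.get(key, frozenset()) | self.session.get(key, frozenset())
        return frozenset(errors) - accepted

# Constructed placeholder bytes standing in for DER-encoded certificates.
CERT_A, CERT_B = b"constructed-certificate-A", b"constructed-certificate-B"

if __name__ == "__main__":
    store = ExceptionStore()
    seen = {CertError.SELF_SIGNED}
    print(store.pending("imap.example.org", CERT_A, seen))   # first contact: prompt
    store.remember("imap.example.org", CERT_A, seen, always=True)
    # Same certificate, but it has since expired: only the new error is pending.
    print(store.pending("imap.example.org", CERT_A, seen | {CertError.EXPIRED}))
```
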