[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: ssl auth failure gui: does "continue" do what I think it does?
From: Thomas =?iso-8859-1?q?L=FCbking?= <thomas.luebking () web ! de>
Date: 2009-06-09 17:39:04
Message-ID: 200906091939.05012.thomas.luebking () web ! de
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Am Tuesday 09 June 2009 schrieb Matthew Woehlke:
> Maybe we should instead just present such sites as insecure? Maybe even
> without giving warning?
Joe user just learned: "Green little shield means >>i'm secure<<"
Web page says: "You're using ssl (secure mode)"
Joe sees: "Green shield absent", thinks: "OMG i'm being trapped!!"
In other words:
silently walking over security issues is probably no good idea, as it can lead
to contrary user info. -> panic mode?
-> present a dialog that clearly states:
This webpage uses an encrypted line but does not prove it's identity.
This is probably harmless, but rather NOT sufficient for e.g. online banking
[Show Details] [Trust certificate and continue semi-secure] [Leave this Page]
^ Detailed explanation for paranoids, certificate metas, ...
Thomas
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" \
"http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" \
content="1" /><style type="text/css">p, li { white-space: pre-wrap; \
}</style></head><body style=" font-family:'Segoe'; font-size:9pt; font-weight:400; \
font-style:normal;">Am Tuesday 09 June 2009 schrieb Matthew Woehlke:<br> > Maybe \
we should instead just present such sites as insecure? Maybe even<br> > without \
giving warning?<br> Joe user just learned: "Green little shield means >>i'm \
secure<<"<br> Web page says: "You're using ssl (secure mode)"<br>
Joe sees: "Green shield absent", thinks: "OMG i'm being trapped!!"<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>In other words:<br> silently walking over security issues \
is probably no good idea, as it can lead to contrary user info. -> panic mode?<br> \
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; \
margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>-> present a dialog that clearly states:<br> <p \
style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; \
margin-right:0px; -qt-block-indent:0; text-indent:0px; \
-qt-user-state:0;"><br></p>This webpage uses an encrypted line but does not prove \
it's identity.<br> This is probably harmless, but rather NOT sufficient for e.g. \
online banking<br> <p style="-qt-paragraph-type:empty; margin-top:0px; \
margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; \
text-indent:0px; -qt-user-state:0;"><br></p>[Show Details] [Trust certificate and \
continue semi-secure] [Leave this Page]<br> ^ Detailed explanation for paranoids, \
certificate metas, ...<br> <p style="-qt-paragraph-type:empty; margin-top:0px; \
margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; \
text-indent:0px; -qt-user-state:0;"><br></p>Thomas</p></body></html>
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic