UI for secure web and email

Albert Cahalan acahalan at gmail.com
Thu Oct 4 02:09:38 EDT 2007


On 10/4/07, C. Scott Ananian <cscott at cscott.net> wrote:
> On 10/3/07, Albert Cahalan <acahalan at gmail.com> wrote:
> > The usual "secure site" icon and "bad certificate" warnings
> > have lots of problems.
>
> Note that security in the browser has been *extensively* studied in
> academia, and there are numerous suggestions for improvements in the
> literature.
>
> We should *definitely* not try to design improvements ourselves
> without consulting the people who have studied this problem for a long
> time.

Specifically about the UI, or just security in general?
UI improvements will be a lot less invasive than
major changes to the security model.

Think of it as buying time for the major changes.
XSS and similar can be defeated later. Holding up
security-related UI improvements is no good.


