- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Tue, 04 Jan 2011 21:53:10 -0600
On 1/4/11 6:15 PM, Glenn Maynard wrote: > No general security model can be built around requiring the user > to understand the technical issues behind the security. Agreed. At the same time no general security model should be build around requiring users to make decisions based on no information. So in brief, asking the user is just a bad security model... Note that you keep comparing websites to desktop software, but desktop software typically doesn't change out from under the user (possibly in ways the original software developer didn't intend). The desktop apps that do update themselves have a lot of checks on the process precisely to avoid issues like MITM injection of trojaned updates and whatnot. So in practice, they have a setup where you make a trust decision once, and then the code that you already trusted verifies signatures on every change to itself. Perhaps we need infrastructure like that for websites; I'm not quite sure how to make it work, though, since the code that the user trusted once is not known to still be ok, unlike the desktop app case. -Boris
Received on Tuesday, 4 January 2011 19:53:10 UTC