
Re: Is the padlock a page security score?

From: Mike Beltzner <beltzner@mozilla.com>
Date: Fri, 11 Jan 2008 14:42:14 -0500
Message-ID: <4787C696.1070806@mozilla.com>
To: michael.mccormick@wellsfargo.com
CC: public-wsc-wg@w3.org

michael.mccormick@wellsfargo.com wrote:
> There seems to still be some lingering misunderstanding about the
> security score.  It does not specify how the score should be presented
> in primary chrome.  The UA is free to render it as anything from a
> padlock to a color-coded address bar to a traffic light to whatever.
> The raw score is not displayed in the primary UI. 

The disagreement is in that I don't believe a single "score" will ever 
hold value. A recommendation or advice based on a score is what I would 
suggest we advocate in our document.

The user who needs a recommendation for action (ie: "Is this page 
safe?") won't benefit from a score ("72% safe!"), as it won't hold any 
specific meaning to them.

The user who wants to know more about why a specific recommendation has 
been given (ie: "Why are you saying that this page is suspicious, it 
looks like my bank!") won't benefit from a score ("because it's only 
72% safe!") because they need more detail.

Both of these users are served by a system where security risks are 
called out by the browser ("Note: This page is suspicious! 
(Details...)") and then further explanation is given (the certificate 
changed, it's not high on the network of trust, etc).

cheers,
mike
Received on Friday, 11 January 2008 19:42:44 GMT
