W3C home > Mailing lists > Public > public-wsc-wg@w3.org > January 2008

Re: Is the padlock a page security score?

From: Mike Beltzner <beltzner@mozilla.com>
Date: Fri, 11 Jan 2008 14:42:14 -0500
Message-ID: <4787C696.1070806@mozilla.com>
To: michael.mccormick@wellsfargo.com
CC: public-wsc-wg@w3.org

michael.mccormick@wellsfargo.com wrote:
> There seems to still be some lingering misunderstanding about the
> security score.  It does not specify how the score should be presented
> in primary chrome.  The UA is free to render it as anything from a
> padlock to a color-coded address bar to a traffic light to whatever.
> The raw score is not displayed in the primary UI. 

The disagreement is in that I don't believe a single "score" will ever 
hold value. A recommendation or advice based on a score, is what I would 
suggest we advocate in our document.

The user who needs a recommendation for action (ie: "Is this page 
safe?") won't benefit from a score ("72% safe!"), as it won't hold any 
specific meaning to them.

The user who wants to know more about why a specific recommendation has 
been given (ie: "Why are you saying that this page is suspicious, it 
looks like my bank!") won't benefit from a score ("because it's onlye 
72% safe!") because they need more detail.

Both of these users are served by a system where security risks are 
called out by the browser ("Note: This page is suspicious! 
(Details...)") and then further explanation is given (the certificate 
changed, it's not high on the network of trust, etc).

Received on Friday, 11 January 2008 19:42:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:20 UTC