- From: Eitan Adler <lists@eitanadler.com>
- Date: Fri, 29 Jan 2016 19:09:19 -0800
- To: richard@leapbeyond.com
- Cc: Security-dev <security-dev@chromium.org>, public-webappsec@w3.org, blink-dev@chromium.org, dev-security@lists.mozilla.org
On 29 January 2016 at 13:09, <richard@leapbeyond.com> wrote: > There is little inherently "broken" about HTTP (without the "S"). It has security limitations which it's audience accepts. Over the years people have been trained to look for proactive signs of security (https, green lock, etc) when they are doing activities that are sensitive (email, banking transactions, etc). There is a ton of UI/UX research that people do not notice the absence of positive indicators. One can train as much as they want, but the training has not worked to date. -- Eitan Adler
Received on Saturday, 30 January 2016 03:11:11 UTC