Re: Not encrypting content (Re: [minutes] WebRTC F2F meeting Quebec City - 23 July 2011)

On 7/26/2011 8:35 AM, Harald Alvestrand wrote:
> On 07/25/11 14:15, Randell Jesup wrote:
>> Agreed - for you and I, that definition of 'secure' is correct.  
>> Users as
>> a general class would never understand that distinction, which was where
>> I was thinking about.
>>
>> You can even argue against providing the user with any notification of
>> security, at least unless they ask to see it.  I'm not sure I'd 
>> agree, but
>> it is an argument you can make.
> Last time I was faced with this in an UI design context, we decided to 
> give a prominent UI warning if the call was NOT encrypted (and we 
> could detect that), and say nothing at all in case it was.
> The logic was that we could give no guarantees of security, but we 
> could guarantee that it was not secure..... as well as making the UI 
> as "quiet" as possible in the normal (encrypted) case.

Yes, that's generally a reasonable approach - though from our point of 
view it's more the responsibility of the app (which controls the primary 
UI).


-- 
Randell Jesup
randell-ietf@jesup.org

Received on Tuesday, 26 July 2011 14:52:22 UTC