- From: Randell Jesup <randell-ietf@jesup.org>
- Date: Tue, 26 Jul 2011 10:50:42 -0400
- To: public-webrtc@w3.org
On 7/26/2011 8:35 AM, Harald Alvestrand wrote: > On 07/25/11 14:15, Randell Jesup wrote: >> Agreed - for you and I, that definition of 'secure' is correct. >> Users as >> a general class would never understand that distinction, which was where >> I was thinking about. >> >> You can even argue against providing the user with any notification of >> security, at least unless they ask to see it. I'm not sure I'd >> agree, but >> it is an argument you can make. > Last time I was faced with this in an UI design context, we decided to > give a prominent UI warning if the call was NOT encrypted (and we > could detect that), and say nothing at all in case it was. > The logic was that we could give no guarantees of security, but we > could guarantee that it was not secure..... as well as making the UI > as "quiet" as possible in the normal (encrypted) case. Yes, that's generally a reasonable approach - though from our point of view it's more the responsibility of the app (which controls the primary UI). -- Randell Jesup randell-ietf@jesup.org
Received on Tuesday, 26 July 2011 14:52:22 UTC