[whatwg] whatwg Digest, Vol 82, Issue 10

On 1/4/11 6:15 PM, Glenn Maynard wrote:
>  No general security model can be built around requiring the user
> to understand the technical issues behind the security.

Agreed.

At the same time no general security model should be built around 
requiring users to make decisions based on no information.

So in brief, asking the user is just a bad security model...

Note that you keep comparing websites to desktop software, but desktop 
software typically doesn't change out from under the user (possibly in 
ways the original software developer didn't intend).  The desktop apps 
that do update themselves have a lot of checks on the process precisely 
to avoid issues like MITM injection of trojaned updates and whatnot.  So 
in practice, they have a setup where you make a trust decision once, and 
then the code that you already trusted verifies signatures on every 
change to itself.

Perhaps we need infrastructure like that for websites; I'm not quite 
sure how to make it work, though, since the code that the user trusted 
once is not known to still be ok, unlike the desktop app case.

-Boris

Received on Tuesday, 4 January 2011 19:53:10 UTC
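
The desktop update model described in the message above (one trust decision at install, then signature checks on every change), as an added example that is not part of the original post or of any real updater. The release format, the function names, the sample data and the choice of Ed25519 through Node's `crypto` module are assumptions of the example.

```javascript
// Added illustration; every name and sample value here is constructed.
const nodeCrypto = require('node:crypto');

// Bytes covered by the signature: version and code together, so neither
// can be swapped independently by someone on the network path.
function signedBytes(version, code) {
  return Buffer.from(JSON.stringify({ version, code }), 'utf8');
}

// Publisher side: sign a release with the publisher's private key.
function signRelease(privateKey, version, code) {
  const signature = nodeCrypto.sign(null, signedBytes(version, code), privateKey);
  return { version, code, signature };
}

// Client side: the installed copy carries the publisher key the user accepted
// at install time, and checks every proposed change against that key.
function applyUpdate(installed, update) {
  const ok = nodeCrypto.verify(null, signedBytes(update.version, update.code),
    installed.pinnedKey, update.signature);
  if (!ok) return { installed, accepted: false, reason: 'bad signature' };
  // Extra check assumed here: refuse replays of old, validly signed releases.
  if (update.version <= installed.version) {
    return { installed, accepted: false, reason: 'not newer' };
  }
  const next = { ...installed, version: update.version, code: update.code };
  return { installed: next, accepted: true, reason: 'ok' };
}

function demo() {
  const publisher = nodeCrypto.generateKeyPairSync('ed25519');
  const other = nodeCrypto.generateKeyPairSync('ed25519'); // not the publisher
  const installed = { version: 1, code: 'print("v1")', pinnedKey: publisher.publicKey };

  const genuine = signRelease(publisher.privateKey, 2, 'print("v2")');
  const tampered = { ...genuine, code: 'print("v2"); extra()' }; // altered in transit
  const foreign = signRelease(other.privateKey, 3, 'print("v3")');
  const replayed = signRelease(publisher.privateKey, 1, 'print("v1")');

  const afterGenuine = applyUpdate(installed, genuine);
  return {
    tampered: applyUpdate(installed, tampered).reason,
    foreign: applyUpdate(installed, foreign).reason,
    replayed: applyUpdate(installed, replayed).reason,
    genuine: afterGenuine.reason,
    versionAfterGenuine: afterGenuine.installed.version,
  };
}
```

The check works only because the verifying code and its pinned key were already on the machine before the update arrived, which is the property the message says a website loaded fresh on each visit does not have.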