Re: Slightly off topic - summary of problems with SSL from dotCrime Manifesto

"Hallam-Baker, Phillip" <pbaker@verisign.com>, 2006-12-13 12:04 -0800:

> This might be slightly off our current topic but the summary
> might be useful. In my book the dotCrime Manifesto I set out the
> principal problems as I see them in the current SSL user
> interface. I wondered if folk might like to review them and
> comment on possible additions.

Most everything you listed (problems and ideas about possible
solutions) seems to me right on target. Right now I can't think of
anything that ought to be added. But I would question the accuracy
of the following:

> The certificate information dialog in existing browsers is
> designed as a debugging tool for site administrators rather than
> a means of communication to the user.

That may have been what the cert dialog in browsers was originally
designed for. But I don't think it's accurate to say that's the
only purpose it's currently designed for or intended for. 

I think in general it's risky to make broad statements about
particular UI behavior across existing browsers, and not consider
that there might be possibly important distinctions among them. In
discussions here, I sometimes find myself wondering exactly which
browsers people have spent time looking at. I get the impression
that most folks are probably pretty familiar with MSIE and
Firefox. And maybe with Safari. But I wonder who's spent time
looking at, say, Konqueror (which is, I think, the second-most
widely used browser on Linux), or Flock or Maxthon or OmniWeb
(which are known for having some innovative features), or Amaya
(the W3C's browser/editor), or iCab, or Shiira, or Flock, or...

I'm not saying that other browsers are necessarily doing anything
differently today with regard to display of security context
information than MSIE or Firefox are. But they may already have
some UI behavior that could shine light on ways to better display
security information.

  --Mike

Received on Thursday, 14 December 2006 06:40:32 UTC