- From: <michael.mccormick@wellsfargo.com>
- Date: Thu, 28 Dec 2006 00:14:52 -0600
- To: <public-wsc-wg@w3.org>
If security context relies on users understanding what digital certificates are then we've failed. As any usability expert will tell you, techies keep falling in the trap of assuming average users understand technology just because we do. This is reflected in the obscure error messages we display, such as the one I shared from IE6. Do we want to make the WWW safe enough for your grandmother to use and understand? Or do we want to make it a playground for techno elites only? -----Original Message----- From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Stephen Farrell Sent: Friday, December 22, 2006 7:29 AM To: Michael(tm) Smith Cc: public-wsc-wg@w3.org Subject: Re: Browser security warning Michael(tm) Smith wrote: > It's going to be very hard for any browser to provide information > about the problem without mentioning the word "certificate". Maybe hard, but I think worth trying. > How would you suggest the browser could make an ordinary user > understand what a certificate is so that the user can take action when > encountering this case (a site with a self-signed cert for which no > browser is going to have a root certificate)? > > Or do you think browsers should not even bother trying to warn users > about sites with self-signed certs? (That is, just treat them as they > would an unsecure site without any cert.) 1st N times perhaps. If the user continues to access that site and the same server key is used, then at some point the browser might indicate that fact to the user. S.
Received on Thursday, 28 December 2006 06:14:45 UTC