Re: ACTION-240 :TLS errors... from Mary Ellen Zurko on 2007-07-09 (public-wsc-wg@w3.org from July 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Mon, 9 Jul 2007 16:51:07 -0400
To: "Serge Egelman <egelman" <egelman@cs.cmu.edu>
Cc: W3C WSC Public <public-wsc-wg@w3.org>
Message-ID: <OF6AAA49EC.C02EF293-ON85257313.00727EF6-85257313.00728B77@LocalDomain>

> Look at it from the other side: EV certs are the great panacea that 
> solve these problems.  Yet most users do not notice the green address 
> bar (much less the absence of it!).  From the study that I'm finishing 
> up, not one user noticed the green address bar.  Not one user noticed 
> that the phishing sites they visited did not use any SSL indicators. 
> However, full screen warnings that interrupt the user's task were 
> extremely effective. 

So, what do we have in our proposals that covers that?

Received on Monday, 9 July 2007 21:03:32 UTC