- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Wed, 14 Nov 2007 07:04:35 -0800
- To: "Serge Egelman" <egelman@cs.cmu.edu>
- Cc: "Ian Fette" <ifette@google.com>, "W3C WSC Public" <public-wsc-wg@w3.org>
Serge, People can understand the argument you are attempting to make and still disagree with its validity. I know that merchants believe that people notice the siteseal because they are prepared to pay the significant premium of a VeriSign Class 3 cert over a domain validated cert. What I do not have access to is the data on which they form this decision. The problem here would be setting up a realistic test. To get a realistic sample we would want to do a double blind field test. That would require a merchant that was willing to risk a temporary drop in sales by turning off the siteseal. Not sure how to go about that in a viable way. Perhaps offer some GeoTrust customers a free upgrade to a VeriSign cert if they participate in the study? Phill > -----Original Message----- > From: Serge Egelman [mailto:egelman@cs.cmu.edu] > Sent: Tuesday, November 13, 2007 10:00 PM > To: Hallam-Baker, Phillip > Cc: Ian Fette; W3C WSC Public > Subject: Re: ACTION-335 logotypes and ISSUE-96 discussion > > I'm not sure if you really don't comprehend this, or are just > trying to be difficult, but: > > If users do not notice the indicator, do not trust the > indicator, or otherwise do not use it when making a trust > decision, it has failed. > > If user behavior when using these indicators is not > significantly different from behaviors when not using any > indicators, then they have failed as well. > > Etc., etc., etc. > > These metrics are in all of the studies cited in the shared > bookmarks. > This is nothing new. If all we cared about is whether a > recommendation caused physical damage, then we could > recommend all sorts of crap that doesn't actually doing > anything productive. > > serge > > Hallam-Baker, Phillip wrote: > > It depends what you mean 'they don't work'. > > > > Absent a technology demonstrably causing the machine to ignite > > vaporizing the user instantly I don't think that we are going to > > obtain objective measures from lab tests. > > > > Certainly we can determine which factors are in operation, but we > > simply cannot expect to predict which factors will be dominant. > > > > > ---------------------------------------------------------------------- > > -- > > *From:* Serge Egelman [mailto:egelman@cs.cmu.edu] > > *Sent:* Tue 13/11/2007 11:23 AM > > *To:* Hallam-Baker, Phillip > > *Cc:* Ian Fette; W3C WSC Public > > *Subject:* Re: ACTION-335 logotypes and ISSUE-96 discussion > > > > This is irrelevant for our purposes. If we test them and > find that in > > a perfect world they don't work, then this is moot. If we > test them > > and find that they're effective, then we make a recommendation, and > > it's out of our hands. At that point the application > vendors aren't in compliance. > > > > serge > > > > Hallam-Baker, Phillip wrote: > > > I have never had the slightest difficulty selling the idea of > > logotypes > to customers. The problem is purely on the application > > side. The logos > have no value unless they are displayed. > > > > > > So we risk a chicken and egg situation where the > application side > > people > refuse to do anything about implementation until they are > > assured that > there will be 100% adoption by the site > owners which > > is not going to > happen until there are applications to > present the logos. > > > > > > Someone has to make the first move, we cannot gate the scope of > > what we > will consider by requiring an assurance of total > adoption > > by any market > participant. > > > > > > > > > ---------------------------------------------------------------------- > > -- > *From:* public-wsc-wg-request@w3.org on behalf of Ian > Fette > > > *Sent:* Fri 09/11/2007 4:49 PM > *To:* W3C WSC Public > > *Subject:* > > ACTION-335 logotypes and ISSUE-96 discussion > > This action > > (ACTION-335) was to provide discussion topics for ISSUE-96. > > > I only really have one point, and I will try to state it more > > clearly > than at the meeting. > > > > > > To me, the effectiveness of any of the logotype > proposals (or the > > EV > proposals, for that matter) depends greatly upon the > adoption of > > these > technologies by sites. We can do really cool flashy things > > when we get > an EV cert, or an EV-cert with a logo, but right now > > the only two sites > I can find using an EV cert are PayPal and > > VeriSign. Therefore, I wonder > how habituated people > would become in > > practice, if they never (or > rarely) saw the EV/logotype > interface stuff in use. > > > > > > My proposal is that any usability testing of the EV > and/or logotype > > > things in the spec not only reflect how users would > behave in a land > > > where everyone is using EV-certs and life is happy, but > rather also > > test > a more realistic case. That is, look at what the > adoption is > > presently > and/or what we can reasonably expect it to be > at time of > > last call, and > do usability testing in an environment > that reflects > > that adoption rate > - i.e. some percentage of sites using > EV certs, > > some percentage also > using logos, and another percentage still > > using "normal" SSL certs. My > worry is that we may be > thinking "EV > > certs will solve X,Y, and Z", but > that may only be the case if > > users are used to seeing them on the > majority of sites, > and should > > that not end up being the case, we need to > look at the > usability and benefit in that scenario as well. > > > > > > I think this is what the ACTION wanted, i.e. for me to > state this > > point > more explicitly. I am going to therefore assume > that my work > > on this > action is complete, unless I hear otherwise. > > > > > > -Ian > > > > -- > > /* > > PhD Candidate > > Vice President for External Affairs, Graduate Student Assembly > > Carnegie Mellon University > > > > Legislative Concerns Chair > > National Association of Graduate-Professional Students */ > > > > -- > /* > PhD Candidate > Vice President for External Affairs, Graduate Student > Assembly Carnegie Mellon University > > Legislative Concerns Chair > National Association of Graduate-Professional Students */ >
Received on Wednesday, 14 November 2007 15:12:56 UTC