Re: Is the padlock a page security score? wrote:
> There seems to still be some lingering misunderstanding about the
> security score.  It does not specify how the score should be presented
> in primary chrome.  The UA is free to render it as anything from a
> padlock to a color-coded address bar to a traffic light to whatever.
> The raw score is not displayed in the primary UI. 

The disagreement is in that I don't believe a single "score" will ever 
hold value. A recommendation or advice based on a score, is what I would 
suggest we advocate in our document.

The user who needs a recommendation for action (ie: "Is this page 
safe?") won't benefit from a score ("72% safe!"), as it won't hold any 
specific meaning to them.

The user who wants to know more about why a specific recommendation has 
been given (ie: "Why are you saying that this page is suspicious, it 
looks like my bank!") won't benefit from a score ("because it's onlye 
72% safe!") because they need more detail.

Both of these users are served by a system where security risks are 
called out by the browser ("Note: This page is suspicious! 
(Details...)") and then further explanation is given (the certificate 
changed, it's not high on the network of trust, etc).


Received on Friday, 11 January 2008 19:42:44 UTC