Re: [therightkey] Basically, it's about keeping the CAs honest
Phillip Hallam-Baker <hallam@gmail.com> Thu, 16 February 2012 21:50 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E48E21E801C for <therightkey@ietfa.amsl.com>; Thu, 16 Feb 2012 13:50:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.404
X-Spam-Level:
X-Spam-Status: No, score=-3.404 tagged_above=-999 required=5 tests=[AWL=0.195, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TdtqDJ8gC5Bp for <therightkey@ietfa.amsl.com>; Thu, 16 Feb 2012 13:50:31 -0800 (PST)
Received: from mail-tul01m020-f172.google.com (mail-tul01m020-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id 09BB721E8019 for <therightkey@ietf.org>; Thu, 16 Feb 2012 13:50:30 -0800 (PST)
Received: by obbwd15 with SMTP id wd15so4090357obb.31 for <therightkey@ietf.org>; Thu, 16 Feb 2012 13:50:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=vQ2tvaVRCOCV8QkW/3RGLMdTLRiZbfOxrXQDkE8u8dM=; b=VoqIkGFdDdYjPLZerbVPv1gBm/1CERnuvabqk6eX3GG8YoRflMRGrFd8uCJlW0mu+1 lEx7YDB/kIa27ogBwiMNpA6NtRkMjAnE0Kk9R1gMJsClHoC0hqrxxPhnoU13tHiuCJ9O 5ZO5b5ZLhlBANMq6e/BP7ngYb0qYr9E8l92qU=
MIME-Version: 1.0
Received: by 10.182.75.102 with SMTP id b6mr3225990obw.9.1329429029900; Thu, 16 Feb 2012 13:50:29 -0800 (PST)
Received: by 10.182.75.138 with HTTP; Thu, 16 Feb 2012 13:50:29 -0800 (PST)
In-Reply-To: <7BAC95F5A7E67643AAFB2C31BEE662D01579DA1995@SC-VEXCH2.marvell.com>
References: <gym9r33x3m8ydl4xwbjezwJv4X.penango@mail.gmail.com> <201202160524.q1G5ON2p003570@fs4113.wdf.sap.corp> <CA+cU71n1HeQ3nK_FjM67dO8U7=HmDBG3q0_4cvH9CY6Y0_=9BQ@mail.gmail.com> <CAMm+LwiQdXo6bmYmtyR7aw1S=A889edFdSU5aAJVgN4ZMwNrFw@mail.gmail.com> <4F3D481E.40001@fifthhorseman.net> <CAMm+LwhrxnznFUTf_TJERjt0rNo+Offs2aUnKLPP2JBR8SYVSA@mail.gmail.com> <CA+cU71kvQ4b2QsowgtjfM6qG0UWAMG5jvPPZTtD9KgqA01DaiA@mail.gmail.com> <7BAC95F5A7E67643AAFB2C31BEE662D01579DA1995@SC-VEXCH2.marvell.com>
Date: Thu, 16 Feb 2012 16:50:29 -0500
Message-ID: <CAMm+Lwjw+4eLAwREAEbdEU0caV+XVSUZmB=f9y54PMW6ZD8Ptg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Lambert <paul@marvell.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Tom Ritter <tom@ritter.vg>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [therightkey] Basically, it's about keeping the CAs honest
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 21:50:38 -0000
I don't trust the results of lab usability studies. One of the big problems is that a subject comes into a lab expecting to see stuff that is flaky. So they are primed to ignore warnings. Another side of this is that usability methodology has been developed to sell stuff. That is why the priority for Apple was to get the user comfortable in 15 mins. That is a typical length for a sales pitch. The whole usability world has evolved around the first impression of the user and not the long term response. But the academics are really happy with a paradigm that allows them to get papers published on the basis of cheap, easy to run studies. I agree that a security signal needs to be much more than a different address bar color. I would take over the whole browser window for a transitional. On Thu, Feb 16, 2012 at 4:29 PM, Paul Lambert <paul@marvell.com> wrote: > > > > >>I'd also like to go on the record that I think a visual indicator to >>the user that shows a cert is valid only under local policy is a >>fantastic idea and I support it wholeheartedly. Of course UI is hard, >>especially with this opaque a topic to an average user, but I still >>think giving it a shot is a good idea. > > A similar usage of colors - with poor results: > http://www.usablesecurity.org/papers/jackson.pdf > > Is local policy more or less secure to the user? I'd say more ... -- Website: http://hallambaker.com/
- [therightkey] Basically, it's about keeping the C… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… David Conrad
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… David Conrad
- Re: [therightkey] Basically, it's about keeping t… Martin Millnert
- Re: [therightkey] Basically, it's about keeping t… Martin Millnert
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Benjamin Kreuter
- Re: [therightkey] Basically, it's about keeping t… Yoav Nir
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Chris Palmer
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Chris Palmer
- Re: [therightkey] Basically, it's about keeping t… Martin Millnert
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Stephen Farrell
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Carl Wallace
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Tom Ritter
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Daniel Kahn Gillmor
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Tom Ritter
- Re: [therightkey] Basically, it's about keeping t… Daniel Kahn Gillmor
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker