Re: About SSL "Trick or Treat" Dialogs

From: "Adam Schreiber" <sadam clemson edu>
To: stef memberwebs com
Cc: "desktop-devel-list gnome org" <desktop-devel-list gnome org>
Subject: Re: About SSL "Trick or Treat" Dialogs
Date: Tue, 4 Dec 2007 10:38:23 -0500

On Dec 4, 2007 9:29 AM, Stef Walter <stef-list memberwebs com> wrote:
> I'd like to propose [1] that we do away with these dialogs in GNOME. In
> my opinion if we cannot verify the certificate, then we should simply
> not show the UI elements that indicate a secure connection. We should
> just act as if the connection is like any other normal connection.
>
> Removing these dialogs doesn't 'solve' security on the Internet [3], but
> I think it will make things far less confusing for the user while
> maintaining the same level of security.

I agree with Stef on not presenting these dialogs to the user.
However, it may be useful if we keep track of sites that use certs ala
ssh so that if a site's cert changes the user could be warned about a
possible man in the middle or phishing attack.

Cheers,

Adam

Follow-Ups:
- Re: About SSL "Trick or Treat" Dialogs
  - From: Stef Walter

References:
- About SSL "Trick or Treat" Dialogs
  - From: Stef Walter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]