Re: About SSL "Trick or Treat" Dialogs
- From: Pat Suwalski <pat suwalski net>
- To: Murray Cumming <murrayc murrayc com>
- Cc: Owen Taylor <otaylor redhat com>, stef memberwebs com, "desktop-devel-list gnome org" <desktop-devel-list gnome org>
- Subject: Re: About SSL "Trick or Treat" Dialogs
- Date: Tue, 4 Dec 2007 12:38:30 -0500
Murray Cumming wrote:
On Tue, 2007-12-04 at 12:12 -0500, Adam Schreiber wrote:
Unfortunately, one of the main UI elements that indicate a secure
connection is the https:// URL in the URL bar. Are you proposing to
disguise that as well?
Maybe just not shade it yellow. It will still be running over ssl
like Stef said, just not "securely".
People don't pay much attention to those hints anyway. They think that a
site is secure if they clicked on a "Secure Payment" link, if they even
have a concept of secure sites. There's no real answer to this, I'm
afraid, so sorry for the noise.
I know we are considering the average user here, but there are many
average users who consider what the box tells them anyway. The box tells
them that the connection is still secure, but that whoever is hosting
the site hasn't shelled out 600 bucks to Verisign.
I've thought about this quite a bit in my spare cycles, and I think the
dialog is just too big, at least in Firefox. It was a positive step when
they made the default to "accept" the connection. But the dialog should
just be a simple OK/Cancel messagebox with a line saying that it the
certificate could not be verified, with a button to more details.
The *incorrect* way of doing it is how it is done in IE7, which replaces
the content area of the browser with something that looks just like
their Error page. There are two links which look similar to the usual
useless MS KnowledgeBase links to accept and deny. They really go out of
their way to prevent people from using such sites, apparently.
--Pat
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
