ACTION-282
Obtain disclaimer-style text for Additional Security Context Information
- State:
- closed
- Person:
- Anil Saldhana
- Due on:
- August 29, 2007
- Created on:
- August 22, 2007
- Related emails:
- Agenda: WSC WG distributed meeting, Wednesday, 2007-09-12 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-09-11)
- Agenda: WSC WG weekly 2007-09-05 (from tlr@w3.org on 2007-09-03)
- Meeting record: WSC WG weekly 2007-08-22 (from tlr@w3.org on 2007-09-01)
- Re: [fwd] RE: WSC WG minutes from this week? (from: hlockhar@bea.com) (from ifette@google.com on 2007-08-27)
- [fwd] RE: WSC WG minutes from this week? (from: hlockhar@bea.com) (from tlr@w3.org on 2007-08-27)
Related notes:
Email from Serge:
=======================
It is unlikely that users will examine secondary chrome or take other
proactive steps in order to examine contextual information. Studies
have shown that few users examine primary chrome (which requires no
additional actions) for security information. In one study on SSL
indicators, no users examined contextual information in primary chrome
when not primed for security. Though when primed for security in the
laboratory, around 70% started to notice the lock icon [1]. In another
study where participants were primed for security, roughly half of them
used secondary chrome to examine SSL certificates [2]. Thus, it likely
that when not primed for security (outside the laboratory setting) even
fewer users will bother to take overt actions to examine contextual
information in secondary chrome.
1. T. Whalen and K. M. Inkpen. Gathering Evidence: Use of Visual
Security Cues in Web Browsers. In Proceedings of the 2005 Conference on
Graphics Interface, pages 137–144, Victoria, British Columbia, 2005.
2. H. Xia and J. C. Brustoloni. Hardening web browsers against
man-in-the-middle and eavesdropping attacks. In Proceedings of the 14th
International World Wide Web Conference (WWW2005), pages 489–497.
W3C/ACM, May 2005. http://www.cs.pitt.edu/ jcb/papers/www2005.pdf.
Display change log.