This section now appears in the draft Note, in the "Problems with the status quo" section.
(A sub-section of the NoteIndex) [Tyler owns drafting this section; inputs from others welcome.]
This section lists problems with the display of security context information in current web browsers. It will compare the current security context presentation listed in NoteSecurityContextAvailable against the criteria we set up in the NoteAssumptions section. Entries in this section should be culled from user interface studies, and so be accompanied by citations.
Problems with current user interface
- No chrome area versus page area distinction in user's mind
- Users do not understand the indicators in the chrome area
- Users ignore the chrome area
- The chrome area is spoofable
- The chrome area spoofs itself, e.g., the favicon display (TrustMe)
- Users are conditioned to ignore warning dialogs
- Passwords are reused across distinct web sites
- Domain names are incorrectly read, or interpreted, by users
- Users assume that an http: URL reliably connects to the indicated domain name (Wall of Sheep)
- Certificate Authorities, or certificates, can be readily substituted (mountain-america attack)