- From: Mike Beltzner <beltzner@mozilla.com>
- Date: Mon, 07 Jan 2008 13:21:46 -0500
- To: Timothy Hahn <hahnt@us.ibm.com>
- CC: Web Security Context Working Group WG <public-wsc-wg@w3.org>

Timothy Hahn wrote:
> In my opinion, boiling down a bunch of very intricate, security-related
> information, into something that people using user agents are more able
> to comprehend (e.g. some value between 0 and 100, 0 is bad, 100 is good)

I like the idea of replacing complex information with meaningful information, but I wonder if a number based system (be it a series of lock icons, checkmarks, or a number between 0 and 100) is actually meaningful. For example, in your proposed scheme, I wonder what I would do with a page that was "75". Or even a page that was "83". Does that mean 17 times out of 100 I'm gonna get screwed? Would you enter a restaurant that scored 83/100 on a health inspection?

> will definitely help them to make a more informed decision. More
> informed than waiting for these users to understand what constitutes a
> self-signed certificate or whether that certificate is expired or not
> and what that might or might not mean.

I agree. But I think that boiling things down to a number, which works when you can map that number system to some sort of conceptual model (like working at 100% efficiency, or being 95% accurate) but not when the number system is an abstraction (such as being "80% secure") which holds no additional meaning.

To be effective, I think the UI would need to take one of three approaches: safe, unsure, insecure, and provide more detail (in human consumable messages such as "Your friend vouched for this site", or "This site is pretending to be something it isn't") on request.

cheers,
mike

Received on Monday, 7 January 2008 18:22:04 UTC