[cryptography] Preserve us from poorly described/implemented crypto
nico at cryptonector.com
Tue Jun 7 15:31:43 EDT 2011
On Tue, Jun 7, 2011 at 2:25 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
> I dunno. Seems like more often than not these days it's security taking a
> back seat to the user experience.
> For example, Mozilla is removing the status bar and the SSL lock icon along
> with it. A perfect opportunity for a phishing site to paint one of their
> own. Now they're talking about removing the address bar too.
> With every pixel valuable on mobile displays, browsers want to dedicate the
> whole frame to the page itself. Consequently, there is no chrome with which
> to communicate security information out-of-band, i.e., not under the control
> of the web page.
FWIW, the webkit-based browser on my phone (an Evo) does give me a way
to get to the menu via touch buttons at the bottom of the phone, and
thence to the status bar. Think of that as a secure attention
sequence (SAS). So, it is possible to have a good UI, even on a