[cryptography] SSL is not "broken by design"

James A. Donald jamesd at echeque.com
Mon Sep 19 19:42:11 EDT 2011

On 2011-09-20 8:46 AM, Nico Williams wrote:
> Of course.  We need trusted UI paths.  That's a hard problem.  We know
> users dislike SAS (secure attention sequences).  We know people want
> full-screen apps.  These constraints make it almost impossible, if not
> impossible to get any sort of trusted UI path,

The user expects a login screen.  Login screens are *not* traditionally 
full screen, even on cell phones.  Therefore, if we take login out of 
the web page, if the user ceases to expect or perceive login as 
happening out there on the web, but instead perceives it as happening 
locally, the user will not expect a full screen login page.

That is how gamer apps usually do it.

If the login page has a distinctive look, not easily faked (non 
rectangular, overlapping the background, customized to user), it will be 
a trustworthy UI path.

More information about the cryptography mailing list