[whatwg] whatwg Digest, Vol 82, Issue 10

Boris Zbarsky bzbarsky at MIT.EDU
Tue Jan 4 19:53:10 PST 2011


On 1/4/11 6:15 PM, Glenn Maynard wrote:
>  No general security model can be built around requiring the user
> to understand the technical issues behind the security.

Agreed.

At the same time no general security model should be built around 
requiring users to make decisions based on no information.

So in brief, asking the user is just a bad security model...

Note that you keep comparing websites to desktop software, but desktop 
software typically doesn't change out from under the user (possibly in 
ways the original software developer didn't intend).  The desktop apps 
that do update themselves have a lot of checks on the process precisely 
to avoid issues like MITM injection of trojaned updates and whatnot.  So 
in practice, they have a setup where you make a trust decision once, and 
then the code that you already trusted verifies signatures on every 
change to itself.

Perhaps we need infrastructure like that for websites; I'm not quite 
sure how to make it work, though, since the code that the user trusted 
once is not known to still be ok, unlike the desktop app case.

-Boris


