Cheers
-Richard

Why more no secure? They are proving their identity by sending a shared secret (the picture) to an unauthenticated party. That provides no protection against a man-in-the-middle attack. If I can get you to load my fake webpage, I can also relay your username request to the bank so I can display the correct picture.

Why less secure? Unless they’re smart enough to display a random picture on unknown username, this technique provides a simple way to test the existence of an account.

Since it’s a picture I chose and see every time I login, if I ever see a different picture I’ll immediately realize something is up and be cautious about entering my login credentials.

I think that type of phishing prevention is much more useful than the browser cert warning.

http://actsofvolition.com/images/screenshots/web/windows-cert-error.png

That text is not bad, minus the extraneous quotes around “certificate”. (”Using this ‘laser’, I will…”)

Bryan:

You’ve been unsuccessful because it’s impossible - the issues are inseparable. The browser does not know the server administrator’s intent. It is unable to distinguish between a “configuration problem” of inadvertently sending a valid certificate for another site and a “security problem” of deliberately sending a valid certificate for another site. I’m skeptical even of heuristics like “‘example.com’ and ‘www.example.com’ are basically the same”.

What you’re doing is like trying to come up with a smart lock that can distinguish between the “forgetfulness issue” of someone forgetting the key and the “security issue” of someone not having the key. You can’t do it - all the lock sees is a “no key issue”, and its policy is to refuse entry. Maybe the “forgetfulness issue” is more common in some situations, but the “security issue” would be common as hell if the lock’s policy was to let people in anyway.

You are convincing me that there is more danger here than I’d realized. Aunt Tillie on her own would handle Safari’s dialog box fine. But the real danger is that her “computer genius” nephew will tell her to ignore it - it’s probably not important because he gets this security warning at his friend Joe’s website and no one has ever stolen his credit card there.

This site is supposed to be trusted, but the site’s “certificate” is [broken/out of date/not trusted/delete as appropriate].

This may mean you’re connecting to someone *pretending* to be http://www.url.com

If you choose to visit it anyway, treat it with suspicion! Don’t enter any personal information, such as credit card numbers!

[ Visit it anyway ] [ View certificate ] [ Keep away! ]

- Brian

PS. [Go Back] or [Previous Page] may me more useful to the user than [Cancel]

If the broken Firefox behavior is fixed, then there’s no need for figuring out how to re-word the dialog.

Similarly, one of the most common areas of breakage with certs is that the certificate covers http://www.foobar.com and I’m visiting foobar.com, or vice versa. You say that the issue is that the site is misconfigured. But the certification authorities charge more for a wildcard certificate, so people on a budget don’t pay. For close matches of this kind, the browser should, once again, shut up.

[Start Fresh] [Return to where I was]
—
([Start Fresh] would repeat the POST request and [Return to where I was] would pull the page one page forward in the history from the browser cache.

The cert validity can in some cases matter when viewing the page. I focused on sending information because that’s the most common case, but users can take out-of-band actions based on information obtained from a trusted source. It is important that they know this is not a trusted source.

Everybody does not walk around this warning. The “Aunt Tillie” crowd does not often go to mailing list sites which use SSL for no particular reason. They primarily use SSL for online banking and resellers like amazon.com. If they get a security warning at one of those sites, it is much much much more likely someone is trying to steal their money than that amazon.com screwed up SSL or is using a homegrown CA.

@scott: I think you’re missing the real error with these dialogs. The problem is that your user had the intention to view the web site the dialog is warning about. They want to be there. Again, putting aside the problems of phishing. So it doesn’t really matter what dialog you put in front of them, nobody reads the text. These dialogs look like the hobos wearing signs that say “The End is Near”, sure they get in your way on the sideway and sound scary if you took the time but everyone just walks around them. And the SSL cert validity doesn’t actually matter until someone sends information the site, while you’re just viewing it there’s nothing wrong with an expired cert. When somebody submits information, then you might have an issue.

Safari can’t verify the identity of the website “www.slamb.org”.

The certificate for the website was signed by an unknown certifying authority. You might be connecting to a website that is pretending to be “www.slamb.org” which could put your confidential information at risk. Would you like to connect to the website anyway?

[?] [Show Certificate] … (gap here) … [Cancel] [Continue]

http://www.advogato.org/person/slamb/diary.html?start=61
http://www.advogato.org/person/slamb/diary.html?start=60

The dialog could then say something like, “You originally sent data (via POSTDATA) to view this page, to view it again would require you to resend the data. …”

* “It appears you submitted your login information. It would probably be harmless to continue.”
* “It appears you submitted a 15MB media file called ‘animals-wearing-hats-with-a-wide-angle-lense.ogg’. You probably do not want to post this again.”
* “It appears you posted a comment on a blog or forum. You probably do not want to post it again.”

If the page is being navigated to, an additional button, “Return to previous page” could be helpful.