[cap-talk] Firefox and identifiability, small steps or large

[David Hopwood]

Ian G wrote:
> Ka-Ping Yee wrote:
> 
>> I agree that the TrustBar offers the *possibility* of a benefit for
>> users that know all the CAs, pay attention, etc.  What i'm suggesting
>> here is that, for most users, this benefit may be reduced near zero
>> by the fact that most users will not memorize the logos or names of
>> all the popular CAs.  Consequently, they will ignore the CA indicator,
>> thereby allowing phishers to use self-signed certificates to spoof
>> the first indicator (the domain name/logo).
>>
>> Is this better than what we have now?  Maybe, but it's hard to say.
> 
> OK, let me drift here into why logos are better
> than pet names.  It's easiest to say from these
> words:  TV, movies, brands, fashion, marketing.
> 
> All these things use visual information to get a
> message across.  The reason they use a visual
> symbol is because it is much higher bandwidth
> and much more efficient than almost any other
> form.

The disadvantages of icons are:

  - It isn't practical for the user to create an icon. Therefore it has
    to be provided in the introduction, which increases the possibilities
    for confusion and social engineering. With textual names, the user
    can always choose a name that is meaningful to them.

  - An icon can't be typed. It can only be selected from a list, or
    referred to indirectly via a textual name. This makes icons less
    expressive in the sense that you can't use them in many situations
    where you could use a name, for example in a command line interface.

I would be unsatisfied (both as a user and as a system designer) with
any system that allowed only icons to be used, i.e. did not always
permit a textual pet name to be used in place of an icon.

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>