[cap-talk] Google Chrome - web browser with sandboxed rendering

[Raoul Duke]

>> [assuming they should know or care about what POP is] then we should
>> not show that dialog box but instead just of course do the secure
>> thing. such ability is empirically not accomplished with current
>> systems.
>
> How do we know it is a POP connection? If the application claims to
> need to use some advanced version of POP your OS doesn't support, then
> what?

personally i think:

ideally the user should not have to know what kind of connection it
is, other than at worst they understand it might enable them to get to
the email resource. this goes back to the horrible divide between what
a user is thinking about when they are trying to do something vs. what
it actually takes to get it done with most computing systems today.

the question of how mismatched services + requirements are resolved is
an excellent one. i think it is a great litmus test for any proposed
solution to the usability+security problem we are faced with. we have
to figure out what the possible answers are and then ask users what
they think of them, perhaps. or we have to be chaperons and refuse to
let the user do something less secure just because it is the only way
they can at that moment complete their task. 'good luck!' with the
latter, of course.

sincerely.