[cap-talk] Testers needed (Was: Petname tool for Firefox 3.x?)
tyler.close at gmail.com
Mon Sep 8 17:41:13 CDT 2008
On Mon, Sep 8, 2008 at 2:58 PM, Toby Murray <toby.murray at comlab.ox.ac.uk> wrote:
> Ah. Cool. Works great so far. My only nitpick: fixed width font in the
> petname box looks a little odd. Is there a specific reason for not using
> the default system font here?
I figured characters were easiest to disambiguate in a fixed width
font. Since these are petnames, rather than attacker-chosen names,
character disambiguation isn't as big a deal, so I could revert this
if people like it better that way.
> Also, given that FF3 no longer renders the address bar in yellow for SSL
> sites with certificates signed by a trusted authority, perhaps colouring
> the background of the petname box for recognised sites light green might
> be nice, rather than rendering the text in green. Although I suspect
> you've already considered this.
I switched from background color to text color because I noticed I was
falling into the habit of only seeing the color and not the petname
text. This habit is vulnerable to phishing between petname'd sites.
This change costs a bit of the warm fuzzy feeling you get when you're
on a petname'd site, but gains protection between petname'd sites,
making petnames scalable to larger numbers of sites. I've gotten
another complaint from a user who liked it better the old way. I'm
still unsure how to resolve this issue.
It's interesting how quickly people become accustomed to the details
of even a small piece of software like the petname tool.
More information about the cap-talk