[Adium-devl] Padlocks & Security

[Colin Barrett]

I saw zac's checkin today, http://trac.adiumx.com/changeset/21295, and  
had some concerns about the change.

Summary: A closed padlock can mean two things now:
1) end to end client encryption (and some form of identity  
verification), but only works for messages, not all traffic.
2) encrypted connection to the server, no guarantees about  
snoopability of messages end-to-end, but also protects all client<- 
 >server traffic from eavesdropping

Is showing this SSL information useful? Can it be inferred from prefs?  
If we do want this information to be in UI, how do we display it in a  
way that doesn't confuse people, and doesn't give users the wrong  
impression.

The padlock icon in browsers is a particularly famous example of  
people misunderstanding the difference between identify verification  
and network traffic encryption.

19:31 < cbarrett> zac: question about the padlock
19:31 < cbarrett> where in the accounts list does it show up?
19:32 < zac> the left of hte account name (exact placement tbd)
19:32 < zac> it only applies to jabber atm, i gotta look how to do it  
for msn
              (and any otherthings that encrypt; not sure which do)
19:32 < cbarrett> I'm worried it will be confusing
19:32 < cbarrett> since we now have two padlocks
19:32 < cbarrett> for two totally different and unrelated things.
19:32 < zac> it'd be confusing in the account menu too
19:33 < cbarrett> zac: imagine the situation where a user enables  
encryption on
                   his account.
19:33 < zac> yeah, I understand how it could be confusing with OTR
19:33 < cbarrett> and then looks at his message window
19:33 < cbarrett> and sees that it's unlocked
19:33 < zac> I'm wondering how else we can present the idea that an  
account is
              connected via SSL
19:33 < cbarrett> zac: I'll ask the security UI guy here at moz if he  
has any
                   ideas.
[Ed. note - I did talk to him, and paraphrased some of his answers in  
my messages below]
19:33 < zac> mmk
19:34 < zac> really easy change, the "big" change was just making it  
not a
              weird instance variable in jabber
19:38 < cbarrett> I'm not really sure that indicating if an account is  
on SSL
                   is really very useful, personally.
19:38 < zac> hmm
19:38 < zac> maybe just in the account edit options
19:38 < zac> in the corner
19:38 < cbarrett> isn't it obvious from the checkboxs though that  
encryption is
                   on?
19:39 < zac> well, does that 100% imply that the active connection is  
encrypted?
19:40 < cbarrett> I don't know the details of xmpp but it woudl seem  
to me that
                   if you have "Use SSL" checked, it should use SSL  
always or
                   fail to connect
19:40 < zac> well, you can "require ssl" but it can go either way if  
the server
              does or doesn't spport it, i think
19:40 < cbarrett> security or otherwise, two icons with the same  
meaning is a
                   Bad idea.
19:40 < zac> yeah
19:43 < cbarrett> I think we want to figure out what about security we  
can tell
                   our users unambiguously?  "security" is ambiguous -  
do they
                   care about preventing eavesdropping?  Do they care  
about
                   being able to affirmatively identify the other  
person?  Or
                   the server they connect to?  Or both?
19:45 < cbarrett> zac: you wanna continue this on devl?
19:45 < cbarrett> I can email this to them to get things started.
19:45 < zac> hmm that might be easier
19:45 < zac> maybe somebody else has a good idea on how to present it,  
or
              whether or not it's ambiguous
19:46 < cbarrett> k done