On 9/6/13 8:23 AM, John C Klensin wrote:
I think that one of the more important things we can do is to rethink UIs to give casual users more information about what it going on and to enable them to take intelligent action on decisions that should be under their control. There are good reasons why the IETF has generally stayed out of the UI area but, for the security and privacy areas discussed in this thread, there may be no practical way to design protocols that solve real problems without starting from what information a UI needs to inform the user and what actions the user should be able to take and then working backwards. [...] And the fact that those are 75% of more UI issues is probably no longer an excuse.
Absolutely. There is clearly a good motivation: A particular UI choice should not *constrain* a protocol, so it is essential that we make sure that the protocol is not *dependent* on the UI. But that doesn't mean that UI issues should not *inform* protocol design. If we design a protocol such that it makes assumptions about what the UI will be able to provide without verifying those assumptions are realistic, we're in serious trouble. I think we've done that quite a bit in the security/application protocol space.
one of my personal peeves is the range of unsatisfactory conditions --from an older version of certificate format or minor error to a verified revoked certificate -- that can produce a message that essentially says "continuing may cause unspeakable evil to happen to you" with an "ok" button (and only an "ok" button).
OK, one last nostalgic anecdote about Eudora before I go back to finishing my spfbis Last Call writeup:
MacTCP (the TCP/IP stack for the original MacOS) required a handler routine for ICMP messages for some dumb reason; you couldn't just set it to null in your code. So Steve implemented one. Whenever an ICMP message came in for a current connection (e.g., Destination Unreachable), Eudora would put up a dialog box. It read "Eudora has received an ICMP Destination Unreachable message." The box had a single button. It read, "So What?"
Working for Steve was a hoot. pr -- Pete Resnick<http://www.qualcomm.com/~presnick/> Qualcomm Technologies, Inc. - +1 (858)651-4478