User visible complexity is what matters the most, as implementation complexity becomes well amortized quickly. And from the user's perspective "security adds complexity and restrictions" is not an invariant. Security is a many dimensioned continuum, not a binary value. Some kinds of security adds significant complexity, some add basically none, but the amount of complexity is often only weakly related to the amount of security being provided.
For example, address space layout randomization does not meaningfully increase complexity for the user. Likewise Ephemerally keyed encryption can be provided completely invisibly and provides _absolute_ protection against passive monitoring and at least the risk of detection (if unlikely) for any attacker who performs active attacks.
The user not caring isn't a user problem: It's a technical problem with the system. HTTPS should provide security for the user even if they are unaware or indifferent and should do so without effort on their part. A system which fails to do so is not secure in the real world where systems are used by real humans which have well established poor behaviour, even security experts fall into these traps.
"It's secure if you put the user on the moon" wouldn't be an acceptable excuse for failing of HTTPS and nor should "it's secure if the user has superhuman vigilance" be considered acceptable.
Asking users to make _more_ decisions will decrease security, not increase it, as it provides more ways to trick them, more ways to downgrade them, more reasons for them to blindly agree to whatever dialogs pop up.
Of course, improving things like not making everyone concurrently trust all CA's would be grand. I wasn't trying to oppose this, only pointing out that the CA specific problems are only one part of a system with many issues.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds