Regarding:
matthew.taylor wrote:
That said, I think the 'always load' label is misleading.
I think the labelling is generally a little odd. It's about trusted publishers, not about trusted add-ins...Well the add-ins are trusted because they have a trusted publisher.
I agree that "Always Load" is a _bit_ misleading when you are prompted for allowing a signed add-in as you are actually permitting all add-ins from this publisher (well, actually from this publisher when signed with this certificate). On the other hand, "Always Load" is exactly what we mean when you are prompted for an unsigned add-in as selecting it will only permit that add-in to be silently loaded in the future. After quite a bit of usability research (we may have spent as much time designing the dialog as we did implementing the cryptography), we felt that this distinction was small and unimportant to most users and that consistency between dialogs for signed and unsigned add-ins was more important than 100% accuracy.
I'd be interested in hearing if you see any serious problems with the wording or dialog design. Especially if you feel that the current design leads to users making bad security decisions.