Michael Roitzsch wrote:
If I understand things correctly, you want to have the browser maintain a sort of whitelist of domains the user trusts. Whenever the browser encounters a new SSL domain, the user is asked, if she wants to include it in the list of trusted domains. Have I gotten the idea right?
Nope. I don't think anyone with knowledge of browser UI and/or user behaviour and acceptance would propose such a thing.
What? That's almost exactly what you first and second proposal was about, only you called it SSL History.
What's proposed is a list of trusted (or untrusted) TLDs, set by us.
Again, this is new, and this was certainly not part of your first and second proposals.
/HJ _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
