Amir Herzberg wrote:
We develop TrustBar, a simple extension to Firefox (& Mozilla), that displays the name and logo of SSL protected sites, as well as of the CA (so users can notice the use of an untrusted CA). I think it is fair to say that this extension fixes some glitches in the deployment of SSL/TLS, i.e. in the most important practical cryptographic solution.

Yes, because it makes the user notice what CAs the _browser_ has decided the user _automatically_ accepts [1]. But there is a caveat. Can you trust what TrustBar shows you? And, of course, knowing what CA is being used is also possible without TrustBar but requires a couple of mouse clicks. Wouldn't it be better if Firefox/Mozilla simply put the name of the CA next to the lock icon?

Cheers,
Ed Gerck

[1] see corresponding flaws noted in
http://nma.com/papers/certover.pdf

---------------------------------------------------------------------
The Cryptography Mailing List