Sent from my iPhone. Please excuse brevity. > On Jul 7, 2015, at 08:01, Peter Bowen <[email protected]> wrote: > >> On Tue, Jul 7, 2015 at 7:51 AM, Richard Barnes <[email protected]> wrote: >> To echo Gerv's point: How is the user supposed to evaluate whether to >> trust the EU list? > > I was not imaging a first-launch UI to choose, rather an option > similar to what is available today for adding CAs. There is a special > mime type that triggers a UI in Firefox to ask the user to trust the > certificate.
Speaking of anti-patterns... > There could be a similar mime type for a trust list. > > However, I would imagine the common use case would not be the end > user, rather would be adding trust lists through central management. > That could be via the CCK or via a similar mechanism. I don't think > that the average individual user is going to be adding trust lists. For central management (and many other cases), it's already possible to install certificates via add-ons. IIUC, the entire point of these asks is to cover general users. --Richard > > Thanks, > Peter _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
