Heikki Toivonen wrote: >> In theory a user (RP) should read the CA >> policy of the issuing CA before trusting a certificate, otherwise how >> should he know about the verifications performed or any other procedure >> a CA promises? Obviously, this is not very practical, hence our >> proposal for a simplified but improved UI change! > It is not very practical to require a user to read those specs, > especially considering those policies can be written in any language. > That's what I just said above... > I have to disagree with you on some of your UI choices though. OK > I think > everything the user needs to make a decision about trusting a site needs > to be visible by default. So you agree with me? ;-) > Requiring the user to mouse over a control > gets tedious quickly even for people who know about it, and those that > don't know may never discover it. > Well, if this is the case, then lets remove also the "Authenticated by..." mouse over, according to your argument above...It might never be seen by the user and requires to control the mouse... > > I haven't yet read the EV draft fully to see how closely it matches my > expectations, > Than you should do this perhaps first!
-- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
_______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
