Hi Dan,

Dan Veditz wrote:
> It's certainly not going to be a green bar, but if we can come up with
> something decent isn't it worth being able to tell the difference between
> "we know these identities were validated to a certain standard" vs. "these
> identities may or may not have been validated to that standard"?

My question to your suggestion is if we can't come up with something that would tell the user _any_ difference between _any_ certificates. That means displaying the most important information to the user in a convenient way, which could perhaps be the subject line and issuer. It should also contain additional information, such as perhaps the key size and encryption algorithm used for the connection, whether the page contains unsecured content, whether the CRL was checked and whether the issuer is known (e.g. trusted). "EV validation" could be one of those details as well...

Another question remains, what happens if tomorrow a different forum invents a different standard? Are you going to support it? If not, why not?

And lastly, to what extent should the Mozilla Foundation endorse and follow the recommendations of what is basically an industry trade group for commercial CAs? The fact that the CA/Browser forum is a closed forum, which doesn't even allow membership to non-commercial or lesser established CAs, makes its real goals highly suspicious! Openness is key for its success and certainly something Mozilla should strive for!

Thank you for your time!

--
Regards

Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390
