Gervase Markham wrote:
Ben Bucksch wrote:
Even if we have generic UI (like green bar), it does not help us, if
we have nothing to back it up. We should not show "Good" unless we're
sure the site is *trustworthy* - not just verified address/identity,
not on blacklist, etc., but really a site that we can recommend.
We can't determine that.
That was my point! Thus, we cannot use a "generic UI" (like "green" or
"good") as you suggested.
If we show it, and the checks were not performed properly by the CA,
and the CA disclaims liability, the users will be mad at us or the
Internet as a whole.
If the checks were not performed properly by the CA, the CA is liable.
No. If they follow the guidelines, they disclaim liability. If the
checks failed, because they were carried out in an obviously sloppy and
insufficient way, but meet the guidelines in *letter*, they are not
liable (per guidelines).
We seem to be in violent agreement. I don't quite know why you continue
to argue this as if someone disagrees with you :-)
hehe. Maybe.
Same goes with you, BTW. You said you would have liked to see
signatures, but you keep arguing against it. Just because somebody said
it will cost hundreds of dollars?
--
When responding via mail, please remove the ".news" from the email address.
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
