Gervase Markham wrote:
Right. But if you have four levels in the infrastructure, that sort of implies four levels in the UI.
Only if you base your security decisions on the certificate infrastructure only. As beltzner keeps repeating, that's not necessarily a given, or even a good idea.
Given 4 levels of infrastructure, there could be either more or fewer than 4 levels in the UI. As a dumb example, the UI could have two levels: "safe" and "not safe", where "safe" would be level 3 or 4 certificates that you've bookmarked before or level 2 certificates that you've explicitly decided are safe in an earlier browsing session. That sort of thing.
Add in the fact that different Gecko embeddors might want to make different decisions about how to work the UI, and having a fine-grained certificate infrastructure starts to look like a pretty good idea.
For example, my mother is considering using her credit card at a shop, and the UI indicates (in some way) that it is level 2 secured.
The UI is broken and should be fixed, since "level 2" means absolutely nothing to your mother.
The levels would be useful as a way to give input to the browser, which would then produce an assessment of the page based on the certificate and other factors. As beltzner keeps saying.
Now the question of how fine-grained the certificate levels can be without the whole thing gettting burdensome is a separate (and interesting) one. But from my point of view, the CA world is nowhere close to being "too fine-grained".
-Boris -Boris _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
