Gervase Markham wrote:
Now, it really depends what you can do with this second Level. And it
is a decision which depends on the user mostly. However the user must
receive the correct indications and/or information to make a
decision, which he today most likely can't.
I don't understand how what you are suggesting would work out in
practice. It seems to me that you end up somewhere between these two
extremes:
And I thought, that we leave the UI issue to Jonathan and his team?
However I think there are various ways dealing with it, certainly better
than today. Also better than what you propose: An extreme between a very
low (domain validated) indicator and a very high one (EV) and nothing in
between. Both of them are wrong and certainly not sufficient for todays
needs.
Only insofar that if you know a lot about a person, they are more
likely to deal with you honestly.
But identity validation isn't about honesty, trustworthiness. More than
that, EV doesn't validate identities, but organizations. The relevant
person involved in the issuance process can be fired the next day. You
don't know nothing about a person really. And I personally tend to trust
persons more than companies.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
