Nelson B Bolyard wrote: > Does it follow from that recommendation that Mozilla browsers should provide > a user-configurable preference to enable/disable the EV UI > entirely? > Should users have the option to disable "Larry"? > Has anyone expressed desire to do so?
I haven't (yet) heard anyone express a desire to disable "Larry". In this regard, I wasn't thinking so much of users wanting or needing the option to disable "Larry". I was actually thinking more of the reverse case, where either we or the end user might want to only accept EV certs from a particular CA. (Perhaps we and/or the end user don't like that particular CA's procedures for non-EV certs). In other words, show the Larry interface for that CA's EV certs, but reject their non-EV certs as invalid, same as if the CA didn't have an embedded root. This is really a question for the future, but it might be useful to think about for long-term NSS/PSM planning. It's sort of a special case of the general problem of having NSS/PSM be able to take special actions (either built-in or user-specified) based on certificate policy values. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto