Ian G wrote:
> Nelson B Bolyard wrote:
>> KCM would not have helped.
> I agree, KCM would not have helped.  In both cases, the warnings are
> delivered, and the user is given the responsibility for the overrides.

I was thinking about this, and actually, KCM would have helped here.
If you look at the two cert viewers side by side, then there is a
clear difference:


Now, this info and the difference is available to the browser, which
is operating in KCM mode.  It would be an easy thing to display the two
certs, and the differences highlighted, perhaps in red or somesuch.

Especially, if the bad one said "Self-signed cert, can be made by
anyone" the trigger might have been there.

This approach actually works much better because the KCM and PKI
would be working together, they would augment each other's protections.
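
Added example, not part of the original message or of any browser's code: a sketch of the comparison described above, where a KCM store remembers the cert last seen for a host and, on a change, lists the differing fields and flags a self-signed replacement. Certificates are simplified to dicts; the field names, host name and all values are constructed, and "self-signed" is approximated as issuer equal to subject.

```python
# Added illustration. Certificates are simplified dicts; all values are constructed.
FIELDS = ("subject", "issuer", "not_before", "not_after", "fingerprint")
SELF_SIGNED_NOTE = "Self-signed cert, can be made by anyone"

def is_self_signed(cert):
    # Simplification: treat issuer == subject as self-signed (no signature check).
    return cert["issuer"] == cert["subject"]

def kcm_check(store, host, presented):
    """Compare the presented cert with the one remembered for this host."""
    known = store.get(host)
    if known is None:
        store[host] = dict(presented)  # first contact: remember it
        return {"status": "first-seen", "diff": [], "notes": []}
    if known["fingerprint"] == presented["fingerprint"]:
        return {"status": "match", "diff": [], "notes": []}
    diff = [(f, known[f], presented[f]) for f in FIELDS if known[f] != presented[f]]
    notes = []
    if is_self_signed(presented) and not is_self_signed(known):
        notes.append(SELF_SIGNED_NOTE)
    # The store is NOT updated: the user decides after seeing the differences.
    return {"status": "changed", "diff": diff, "notes": notes}

def render(result):
    """Text view of the comparison; changed fields are marked with '!'."""
    lines = [f"status: {result['status']}"]
    for field, old, new in result["diff"]:
        lines.append(f"! {field:<12} remembered={old!r}  presented={new!r}")
    lines += [f"WARNING: {n}" for n in result["notes"]]
    return "\n".join(lines)

# Constructed sample data: a CA-issued cert and a self-signed one for the same name.
GOOD = {"subject": "CN=www.example.test", "issuer": "CN=Example Test CA",
        "not_before": "2008-01-01", "not_after": "2010-01-01",
        "fingerprint": "AA:AA:AA:AA"}
BAD = {"subject": "CN=www.example.test", "issuer": "CN=www.example.test",
       "not_before": "2008-10-01", "not_after": "2018-10-01",
       "fingerprint": "BB:BB:BB:BB"}

if __name__ == "__main__":
    store = {}
    kcm_check(store, "www.example.test", GOOD)
    print(render(kcm_check(store, "www.example.test", BAD)))
```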


