Ian G wrote: > Nelson B Bolyard wrote: >> KCM would not have helped. > > > I agree, KCM would not have helped. In both cases, the warnings are > delivered, and the user is given the responsibility for the overrides.
I was thinking about this, and actually, KCM would have helped here. If you look at the two cert viewers side by side, then there is a clear difference: https://bugzilla.mozilla.org/attachment.cgi?id=343662 https://bugzilla.mozilla.org/attachment.cgi?id=343663 Now, this info and the difference is available to the browser, which operating in KCM mode. It would be an easy thing to display the two certs, and the differences highlighted, perhaps in red or somesuch. Especially, if the bad one said "Self-signed cert, can be made by anyone" the trigger might have been there. This approach actually works much better because the KCM and PKI would be working together, they would augment each other's protections. iang
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
