> From: Tom Metro [mailto:[email protected]]
> 
> I think what would be practical is not eliminating all the obscure CAs,
> but having the cert validation area on the address bar show orange or
> yellow or something to indicate that a valid cert was found, but that it
> was issued by a less known provider, 

I would be in favor of eliminating the Chinese government from the CA list.

The color indicator indicating "how much" I trust some particular CA isn't 
practical, but the problem extends a little further - There are class 1 and 
class 2 certs, and higher, but of course there's no differentiation 
client-side.  It's simply "Ok" or "Not Ok."  So the question of "how much I 
trust" some particular cert is an interesting question - extending not just to 
which CA issued the cert, but other factors as well, including the class of the 
cert, the cipherspec, key strength, etc.

It would be interesting to come up with some meaningful indicator or behavioral 
difference client-side, based on level of trust for a given cert.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss

Reply via email to