Ben Bucksch wrote:

> Bob Lord wrote:
> 
>> In older versions of Communicator, there was a step in the 
>> certificate enrollment process where the user was asked to name 
>> his/her newly issued certificate.  Although this gave the user some 
>> flexibility, it mostly caused problems.  Users would sometimes choose 
>> non-descriptive names that would cause Help Desk problems down the road.
> 
> 
> Why not offer a good default?

It can still be trouble to give users control over things they don't 
understand, even with good defaults.  :-)


 
> Even if you don't want the nicknames: I read it that the nickname 
> facility exists. Why not leave the backend intact? If you change your 
> mind (or somebody else does), you can easily readd them.

The underlying infrastructure in NSS will still have nicknames.


> 
>> I'd like for the Issuer to be visible in the browser chrome during 
>> SSL sessions.  In N6.0 it shows up as a tooltip if you're able to 
>> mouse-over the little lock icon.
> 
> 
> That's just fine for me. I assume you want to extend that and have it 
> displayed directly in e.g. the status bar? Do we have enough place for 
> that, considering that the Taskbar might merge with the status bar in 
> the future?

I would assume that there's room, but I have not seen any mockups to 
know for sure.

In fact we did have the CA in the chrome for a while, but a few people felt 
that it presented too much clutter.  I'd like to get more people's input.


> 
> I don't see that the issuer were very important for the user. Why would 
> Joe User want to trust a cert issued from VeriSign more than one issued 
> from TC Trustcenter or one from a (non-standard) CA that he explicitly 
> accepted? Or am I missing something?

The browser isn't making an assertion about a web site; the issuer is. 
We'd like to give that information to the user.  That will become more 
important as more CAs spring up.



> 
>> I use "Netscape" in these demos, but assume that's a variable.  When 
>> the application is "Mozilla", the app displays that string.  Same for 
>> Beonex.
> 
> 
> Cool, thanks! :-)


-- 
Bob Lord
Director, Security Engineering
Netscape Communications Corp.
http://www.mozilla.org/projects/security/pki/
http://people.netscape.com/lord/open-reqs.html

