Gervase Markham wrote:
> Ian G wrote:
>>> "Whose logo is that?
>>
>> The specific answer is "mine" if the question
>> is in the context of the TrustBar paper.
>
> Ah; we're talking at cross-purposes. I was referring to the plan to
> make it clear in the UI which CA issued a particular cert.

OK. Well, both are required. The Logo that the
user selects *and* the logo for the CA. Ideally,
the logo for the CA should be encoded into the
Cert / signed by it. This limits a false cert attack
to the site's cert supplier, and thus paves the
way to force the CAs to start checking who they
are issuing the certs to.

For the CAs it means that users will start to
recognise the various CAs. This is no difficulty
as they already recognise the existence of
Ford, Intel, Nokia, Virgin, ....

>>> Have I seen it somewhere before?
>>
>> Yes, I chose it to suit that site.
>
> But, regarding the plan for users to choose logos for their favourite
> sites, I'm not convinced by that one, either. It's far too much work,
> and they overwhelmingly won't bother.

To be honest, I personally haven't tried it. The
TrustBar codes it up and it has been researched
and trialed on real people (I mean, users, not
techies). The authors reported that the trials
supported their conclusions.

If you have Firefox, try installing it and playing
around with it: it is at trustbar.mozdev.org

> I do have an alternative solution to that problem I'm thinking about;
> I'll post it soon.

This is the place! One of the things to realise about
any of these suggestions is that we need some
amount of experimentation to find the right subset.

iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/