-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ian G wrote: <snip!>
|> Ah; we're talking at cross-purposes. I was referring to the plan to |> make it clear in the UI which CA issued a particular cert. | | | | OK. Well, both are required. The Logo that the | user selects *and* the logo for the CA. Ideally, | the logo for the CA should be encoded into the | Cert / signed by it. This limits a false cert attack | to the site's cert supplier, and thus paves the | way to force the CAs to start checking who they | are issuing the certs to.
This sounds pretty expensive to embed a graphics object in each and every cert; perhaps a URL would suffice? (I don't have the relevant specs handy to see if that's already earmarked or not...)
Wren
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCB632A/qR4Uok1vQRAj0wAJ4sPN71O7k//3AgfSQP2ZjLn7JqTQCg/d24 stZr4Q5RqQvbBUKWuXjfrlA= =fiir -----END PGP SIGNATURE----- _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
