Duane wrote:
Nelson B wrote:
and that the user will have NO security thereafter, and should turn
off the lock to make the point.
But that's just as misleading, just because the certificate isn't in the
browser doesn't mean there is no end to end security, this isn't
something that can easily be shown as either on or off, I disagree with
the whole binary security thing, security isn't binary, it's a whole
bunch of grey...
When we have a cert from a known CA, then "it's a whole buunch of grey"
and (IMO) the solution to that grey is branding. But without a cert,
or when the cert is from an unrecoginzed issuer, it's BLACK, not gray.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
