Gervase Markham wrote:Therefore, a "good thing" (merchants switching CAs), as defined by this strategy, has almost exactly the same UI effect as a "bad thing" (spoofing). This is deeply concerning.
Right, it is up to the merchant to manage that
process, and the user to be aware of better
branding.
But the merchant can't manage the process, because the user is supposed to be using the cert to assess the trustworthiness of the merchant's statements. After all, how would you react to a website which said "Don't worry that your browser now says Foo CA - we've switched CAs! Honest!".
Or do you envisage a bank paper mailing all its customers to notify them of the CA switch?
A switch from bad cert to good cert is similar in general appearance to good --> bad. This means we have a good signal, and a bad signal.
And both signals are very similar - unless the user is so CA brand-aware that they know that CAs A, B and C are currently considered dodgy, but D, E and F are riding high, so A -> D is good but F -> C is bad.
The level of brand and market awareness you are requiring from an average web user is far above their awareness of almost any market, even ones in which they are deeply involved.
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
