I'm not sure what your objection to brand is?
You continue to assert that I "object to brand". I'm well aware of the power of branding in people's lives; I'm also aware that very often brand perception doesn't match reality, that branding favours those with large marketing budgets.
Several people on the list have commented that Verisign have not behaved well as a CA. Regardless of the truth of those claims, I assert that if CAs were strongly branded in the browser UI, and someone did a survey, Verisign would be the brand with the highest level of trust, because they have the marketing dollars to send that message.
That's not my only objection, mind you - you can add that one to the previous ones I've outlined about user confusion when something changes.
Let me put it another way. What would be the damage of putting the brand of the CA on the chrome? What would be the hurt?
A loss of real estate?
That's one key factor. There's limited room in the status bar, and I want to try and restrict the security UI to that area to get a good balance between security needs and the needs of web apps. If there's other information we want to be displaying (the words "first visit" or "new site", for example).
Note that ideally our security UI would be fully visible on the smallest possible popup, which I believe is either 100 or 150px wide.
If that's the only loss,
It's not. The other loss is in increased complexity. The longer a user has to consider the security UI, the less likely they are to bother to look at it at all.
I have to admit I really have a problem in
dealing with that, because phishing costs
a billion a year and rising.
That's a straw man - you're assuming that this will have an effect, and it would have a greater effect on phishing than other things we could do in that space.
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
