Ian G <[EMAIL PROTECTED]> writes:

>In other words, this problem is way, way up in the political layer, and I
>can't see any way of resolving it. It'd certainly be a good idea to make some
>distinction, but it's not a productive area to apply effort. It'd be better
>to look at some of the work on secure UI design (e.g. anything by Ka-Ping Yee,
>Simson Garfinkel's thesis, etc etc). Work on the stuff that's solvable and
>leave this one as a honeynet for the bureaucrats to prevent them from causing
>any damage elsewhere.

Two other bits that I should mention:

- Make Herzberg et al's TrustBar a default, built-in part of the browser.

- Go to http://www.gerv.net/security/a-plan-for-scams/ and implement the
  entire list.

That will do more for security than any certificate-nitpicking ever will (the
anti-phishing list at Gerv's site should be adopted as the #1 - #5 security
features to be added to Mozilla/Firefox). After you've implemented those, you
can still work on the titanium-plated kryptonite certificate support.
Conversely, no amount of diamond-studded iridium certificates will do you any
good without anti-phishing/spoofing measures like the above being used.

Peter.
