Frank Hecker wrote: > Ram A M wrote: > > I don't know how many levels of bars there needs to be but I see a risk > > to the user in presenting the less robust or lower auth offerings to > > the user in such a way that they recognize it as a 'safe for banking.' > > This I think is the key question we need to look at: How to > differentiate different types of SSL/TLS applications (low assurance vs. > high, banking/e-commerce vs. "casual" use, etc.) while not either > violating user's existing expectations or overly confusing users. > > One approach proposed is CA branding, ... > Another approach is to provide some sort of UI indicator
I agree in principle with your proposal - bucketizing trust indications for the users. The big questions I see are the evaluation criteria, the UI mechanics, and the migration strategy from current to proposed. Looks like you started a thread on the topic -> I'll move there though not right now... back to work _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
