A couple of points: First, you (and I think Ian as well) are confusing two separate proposals. Gerv has proposed keeping track of SSL history (i.e., a list of https URLs visited, hashed for privacy), so the browser can alert people when they visit a new SSL site they haven't been to before (e.g., a phishing site that purports to be the banking site they visit regularly). For the record, I think this proposal is worth considering.
I should add that I'm not proposing moving to an SSH-style security model. This is merely an additional indicator that, in most circumstances, should be able to warn a user that something a bit funny is going on.
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
