On 4/14/05, Gervase Markham <[EMAIL PROTECTED]> wrote: > Several discussions recently have made me think that we need a metadata > system for root certs - high/low assurance (for want of better words), > etc. We could also have a domain whitelisting system where, for example, > the Chileian-government-approved CA was only enabled for .cl domains.
I think a much cleaner, secure and scalable solution to this problem is to: 1. As Frank previously suggested, make SSL sites certified by an unknown CA have the same UI features as an http:// site. 2. As I've suggested, make the petname tool a default part of the browser UI. Is there a use-case where this arrangment would produce undesired effects? Tyler -- The web-calculus is the union of REST and capability-based security: http://www.waterken.com/dev/Web/ _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
