On 4/21/05, Gervase Markham <[EMAIL PROTECTED]> wrote: > Tyler Close wrote: > > I think it's important that any UI not be pejorative, as the current > > UI is. If the UI is pejorative, it will encourage people to just use > > plain HTTP and forgo the encryption and key-exchange offered by SSL. > > Firefox should not convey the impression that an HTTPS connection with > > an unknown CA is more dangerous than an HTTP connection. > > It should not convey the impression that it's more, but it should not > convey the impression that it's less.
That's fine. > Encryption protects you from unknown people eavesdropping on your > conversation. How useful is that protection when you have no way of > knowing who you are conversing with? And that's why I propose this as the first step in a two step process. The second step is including the petname tool in Firefox. With the first step in place, it becomes possible to explore other ways of knowing who you are conversing with. But without the first step, the way forward is blocked. A public CA system is not the only solution. Let's unblock the way for alternate solutions. Tyler -- The web-calculus is the union of REST and capability-based security: http://www.waterken.com/dev/Web/ _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
