Hi Kyle, Welcome to the list.
On 4/21/05, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > [Note: I joined the list very late in the game, and didn't see the > original message. This is my reaction to seeing it now, and my > thoughts on the concepts involved -- please feel free to bring me > in-line with the actual objectives.] Unfortunately, you have mistaken the actual request. Currently, when you visit an SSL web site that presents a certificate signed by an unknown CA, Firefox presents a modal dialog box, alerting you to a possible attack. If you accept the certificate for the current session, Firefox displays the site as a normal SSL site, with the lock icon and domain name in the status bar, and a lock icon and yellow background in the location bar. I would like this UI changed so that no alert is presented, but neither are the lock icons, nor the domain name, nor the yellow background. Essentially, the UI would look just like it does when you visit an HTTP site, instead of an HTTPS site. The UI would not claim that the page is in any way certified, but also wouldn't flag it as a possible attack. With this neutral UI, we can then extend Firefox with new accreditation mechanisms, such as the petname tool. See: http://petname.mozdev.org/ Tyler -- The web-calculus is the union of REST and capability-based security: http://www.waterken.com/dev/Web/ _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
