All right, but what's this about then: http://multizilla.mozdev.org/screenshots/features/spoofing/new-ssl-site-bim.jpg Could you enlighten me?
That's HJ's proposal - you'd need to ask him about that. But I don't think it fits your definition. Maybe I'm wrong - after all, he misunderstood my proposal, so maybe I've misunderstood his.
What's proposed is a list of trusted (or untrusted) TLDs, set by us.
Trusted not to allow homographed domain names, right?
Yes - by audit of the registry's policies, and other measures.
Nice concept, but this still assumes the user will consciously look at the address bar to check the domain although there is no UI indication that tells him to do so.
Not the address bar, the security UI in the bottom right.
If the user blindly types their CC details into any web form which asks for them, I'm not sure there's much we can do to help.
Gerv _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
