Steffen Schulz wrote, On 2007-12-07 19:50: > On 071208 at 01:25, Nelson Bolyard wrote: [snip] >> Do you have a companion bug/RFE for adding the necessary UI support to >> PSM (Personal Security Manager), the Mozilla software component that >> does UI for crypto-related issues? Having SRP in NSS won't do much good >> unless the necessary UI is also present.
> No patch as of now. Larry from FF3 displays the identity of the server > as the main aspect, but with SRP there may be mutual authentication but > no certificate information at all. I also personally dislike Larry. > > Now if I write a PSM patch, I'd have to integrate it into the existing > security interface. A lot of fuss about sth that is IMHO inherently > broken. If FF doesn't have any built-in UI for SRP, I think I have a harder time justifying the inclusion of SRP in NSS. I think it's a feature that would be included exclusively for use in the browser, so if the browser can't use it "out of the box", there may be push back on it. > So the plan was to create a FF extension instead. One that 'fixes' how > the security status is displayed(and perceived, hopefully), and also > includes some other ideas with regards to phishing attacks. Then > the patch against PSM should be very small if needed at all. I hope > this way it will be easier to settle on the way the security interface > should work and it may also help to evaluate how some other ideas > perform. Easier? Because it's easier to obtain forgiveness than permission? :-) [snip] > Regards, > /steffen Regards, /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
