Ian G wrote:
On 29/1/09 19:24, Nelson B Bolyard wrote:
Ian G wrote, On 2009-01-29 10:01:
[...] when firefox trips
over a cert, it could show something like that.
| There is a problem with this cert!
|
| ==> *The cert was not issued by a known CA*<==
| The cert has expired or is not yet valid
| [...]
You want the browser to show a list of all possible things that
can go wrong, including the ones that are irrelevant to the current
situation, but highlight the relevant ones?
How is that an improvement over showing only the relevant issue(s)?
* if you show a selection of items, then the user tends to read the
actual selection, read some of the others, and then think about what
that means.[...]
I'm still not convinced that « not issued by a known CA » would mean
anything for Joe Shmoe. And that's the target we should aim for.
Don't take it wrong. I'm strongly in favor of bringing information, but
finding what information will be actually useful is *hard*.
Maybe the best is a link to an on-line help resource that will help Joe
Shmoe understand that a CAcert issued cert on a Debian resource site is
not a big deal, but that this self-signed cert on a home equity loan
site that asks him for his bank account info *is*.
The best solution will still be, as much as possible, to not bring out
a warning if there's not actually an attack: "Don't cry wolf"!
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto