On 09/03/12 17:56, Brian Smith wrote: > The first question is: Should we change our UI to be the same as > other browsers? My answer is no. It *is* a good idea to show the root > certificate's organization name in this part of the UI. But, it is > also important to show all the intermediate organizations' names in > this part of the UI too. See the recent TrustWave incident for > motivation.
I don't have a strong opinion at the moment (although I may develop one - iang's argument seems to me to have merit) on whether we show the intermediate O field or the root one... > If others agree, then I will file a bug about > implementing a change to display the O= field from all CA > certificates in the chain in this UI. ....but I do have a strong opinion that this solution is needless UI complexity. It is our job to find out the most appropriate value to show, and show it; we should not force the entire range on to the user. > The second question is: Should we change the string in the display of > the *root* certificate from "VeriSign, Inc." to "Norton." My answer > is no, because AFAICT this field should contain the legal name of the > organization that owns the root certificate. In this case, it would > be "Symantec Corporation" or "VeriSign, Inc." depending on the new > corporate structure of VeriSign. If Symantec changes the legal name > of this organization to "Norton" then this would be an acceptable and > required change. (However, that is impossible, because US law > requires businesses include "Inc.," "Corporation," "LLC.," etc in > their legal name.) Quite so. The EV chrome is not a marketing tool. > The third question is: Should the UI replace the display of the O= > field of *intermediate* certificates that chain to > Symantec/VeriSign's roots to "Norton" when the value is "VeriSign, > Inc." My answer is no. See the recent TrustWave incident for > motivation. It is important to display the information in the > intermediate certificates exactly as we received it in the > certificate. We have too many more important things to do. And, our > users do not benefit from such a change. See above; I think this question is moot given my answer there. Gerv -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
