On 31 December 2012 10:18, Kai Engert <k...@kuix.de> wrote: > I propose to more actively involve users into the process of accepting > certificates for domains. > > I envision a UI where users are required to approve once, whether the > combination of a CA and a domain is acceptable to the user. > > The following UI would be shown whenever a user starts a connection to a > secure site, and the site uses a CA that has not yet been approved for > the respective domain (or if the uses a fresh computer or a fresh > browser profile). > > The following UI would only be shown, if the certificate can otherwise > be correctly chained up to a trusted CA - the scenario that we currently > allow to proceed automatically.
* user gets confused: "what the heck is this screen"? * user realizes that pressing yes usually works so just clicks "accept" without reading * user annoyed - "Why did I have to click yes all the time. I'll switch to Internet Explorer." What value was added? -- Eitan Adler -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
