On 13/04/15 18:40, DDD wrote:
> I think that you'll need to define a number of levels of security, and decide 
> how to distinguish them in the Firefox GUI:
> 
> - Unauthenticated/Unencrypted [http]
> - Unauthenticated/Encrypted   [https ignoring untrusted cert warning]
> - DNS based auth/Encrypted    [TLSA certificate hash in DNS]
> - Ditto with TLSA/DNSSEC 
> - Trusted CA Authenticated    [Any root CA]
> - EV Trusted CA               [Special policy certificates]

I'm not quite sure what this has to do with the proposal you are
commenting on, but I would politely ask you how many users you think are
both interested in, able to understand, and willing to take decisions
based on _six_ different security states in a browser?

The entire point of this proposal is to reduce the web to 1 security
state - "secure".

Gerv


_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Reply via email to