Well, for one thing, it would be the browser asking, not the page. And the cookie UX for these EU sites seems like an anti-pattern anyway.
To echo Gerv's point: How is the user supposed to evaluate whether to trust the EU list? Sent from my iPhone. Please excuse brevity. > On Jul 7, 2015, at 05:46, Ben Wilson <ben.wil...@digicert.com> wrote: > > But how different would it be for the end user to accept a single pop-up for > an EU trust list (based on IP address) from the multiple EU cookie pop-ups > that web sites present? > > -----Original Message----- > From: dev-security-policy > [mailto:dev-security-policy-bounces+ben=digicert....@lists.mozilla.org] On > Behalf Of Gervase Markham > Sent: Tuesday, July 7, 2015 6:13 AM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Letter from US House of Representatives > >> On 06/07/15 17:44, Ben Wilson wrote: >> Thanks. I realize/think that this would require a separate root >> program. If you think of it as a Venn diagram there would be Set A >> and Set B. The user would then select A, B, A U B or A ∩ B. > > The trouble with this is that, while it makes sense to you or I, Mozilla is > not keen to ask users to make decisions where they have no meaningful > understanding or basis on which to make that decision. I cannot imagine a UI > for "select the lists of CAs you trust" which would enable a user to make a > meaningful decision, or realise when something breaks that it was a > consequence of their previous decision. > > This is why we have a root program, rather than a startup wizard with > 100 CA checkboxes to review :-) > > Gerv > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
