Brendan Eich wrote: > One thought I had the other week is to enable privileges implicitly > based on "latent trust": site has good CA-signed cert, you've connected > with SSL, you've got a password saved for this site, you are logged in. > > Such a site could have some awesome powers, but not super-powers.
Like access to the clipboard, for example? This might be a good use for the new enhanced validation CA certs. If we can be certain the cert has data in it allowing the owner to be tracked down, we can have more trust that he's not up to anything nefarious. Gerv _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
