Eddy Nigg (StartCom Ltd.) wrote:
Right! I think the "Authenticated by" is not the most important perhaps (And I'm saying it and run a CA ;-)). I like the approach Opera took for example, with showing to whom the certificate is issued in the address bar and a click on it brings a window with all important details about the holder and the issuer of the certificate. Certainly worth looking into a similar option for FF.
But (and I feel like a broken record) we should only display this information if there's some chance it'll be correct. And we're back into the "how good are current organisational vetting procedures?" question which EV is supposed to deal with.
Gerv _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
