Ben Bucksch wrote:
That was my point! Thus, we cannot use a "generic UI" (like "green" or
"good") as you suggested.
I haven't suggested any UI. I use the green bar as an example regularly
because that's UI that actually exists, and it's much easier to talk in
concrete rather than abstract terms.
The discussion of what UI we might use, if any, is going to happen in
mozilla.dev.apps.firefox.
If we show it, and the checks were not performed properly by the CA,
and the CA disclaims liability, the users will be mad at us or the
Internet as a whole.
If the checks were not performed properly by the CA, the CA is liable.
No. If they follow the guidelines, they disclaim liability.
Then the checks have been performed properly. You can't have it both
ways. The CA can't both "not perform the checks properly" and "follow
the guidelines".
Same goes with you, BTW. You said you would have liked to see
signatures, but you keep arguing against it. Just because somebody said
it will cost hundreds of dollars?
You mean site visits? They are in there for some circumstances, but not all.
Gerv
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
