On 3/30/12 6:47 AM, ianG wrote: > I've been asking them for years to add the CA's name to the chrome. > But they still don't. Thus totally mangling any concept of who is > saying what to whom when why whether.
Most of the time I think that'd be a good idea, too. We sort of have it, but not "at a glance" -- you have to hover over the identity button or actually click it to see the CA. If we did, though, which CA do we use? There's no space to show the whole chain so our choices are the immediate EE issuer (which could be faked if some other CA were badly compromised) or the root which may not be all that useful. Of the two I'd pick the root as most reliable It wouldn't be that meaningful to most users (what is it? am I expected to remember what it says on each site? should I worry if it changes? sometimes sites do change legitimately so how do I tell?) which is why our UX designers have kept it out of sight. -Dan Veditz _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security