* Brian Smith:

> The first question is: Should we change our UI to be the same as
> other browsers? My answer is no. It *is* a good idea to show the
> root certificate's organization name in this part of the UI. But, it
> is also important to show all the intermediate organizations' names
> in this part of the UI too. See the recent TrustWave incident for
> motivation. If others agree, then I will file a bug about
> implementing a change to display the O= field from all CA
> certificates in the chain in this UI.

I don't think this is really helpful because intermediate certificates
often use pseudonyms or really misleading names. A typical chain looks
like this:

  AddTrust External CA Root    AddTrust AB
  UTN-UserFirst-Hardware       The USERTRUST Network
  EuropeanSSL Server CA        EUNETIC GmbH

Currently, the left-hand chain is shown in the certificate dialog, and
"EUNETIC GmbH" (which is not a pseudonym, unlike the rest) is shown by
the certificate information attached to the URL bar.

Speaking of the URL bar security information, the "which is run by"
label in the EV information is quite misleading because the EV process
does not ensure that the certificate subject runs the web site. There
are even a few cases where the web site owner emphatically denies that
they are controlled by the certificate subject!

> The second question is: Should we change the string in the display
> of the *root* certificate from "VeriSign, Inc." to "Norton." My
> answer is no, because AFAICT this field should contain the legal
> name of the organization that owns the root certificate.

This is very desirable indeed, but it's a lot of work if intermediate
certificates are to be covered as well.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto