Ben Bucksch wrote:
> Forgot some pages:
>
> Plan <http://www.mozilla.org/projects/security/pki/psm/plan_20.html>:
>
>> 1. No *nicknames*. The user will not be able to name or rename
>> certificates. From the user's point of view, there is no longer
>> any such thing as a "certificate nickname". Instead, the new UI
>> should show enough information about a certificate that
>> nicknames are not necessary.
>>
>
> Why no nicknames? We can name accounts in Mailnews, too, despite the
> fact that we have username and servername. Remember that there might be
> places where the user has to select a certificate often and/or with
> limited UI space (e.g. in Mailnews Composer).

In older versions of Communicator, there was a step in the certificate
enrollment process where the user was asked to name his/her newly issued
certificate. Although this gave the user some flexibility, it mostly
caused problems. Users would sometimes choose non-descriptive names
that would cause Help Desk problems down the road. It also added extra
clicks to the certificate issuance process. More clicks meant higher
Help Desk costs. And there was no way to rename the cert, so whatever
you chose stuck with you forever.

We eliminated that ability for most cert enrollments (around C4.6 or
so?), and instead chose the nickname for the user (e.g. "Robert Lord's
Verisign ID"). (There are ways to override that default with JavaScript
if the CA administrator wants to.)

In any event, we should be able to be descriptive enough in any
situation that we don't need to let users select nicknames. I'm sure we
can come up with some reasonably good ways to keep the length reasonable
when pressed.
>
>> The CA should be displayed in the chrome during SSL connections.
>
>
> In Page Info or the main browser window?

I'd like for the Issuer to be visible in the browser chrome during SSL
sessions. In N6.0 it shows up as a tooltip if you're able to mouse-over
the little lock icon. It should of course also be visible in Page Info.
>
>> 1. *Password quality* meter will teach users to select good passwords.
>>
>
> Good idea
>
>
> UI texts
> <http://www.mozilla.org/projects/security/pki/psm/pip_ui_elements.html> :
>
>> Netscape internal security device,
>
>
> Please remember that Netscape is only one of many users of PSM. Make
> sure that it is easy to replace / remove all instances of "Netscape".

I use "Netscape" in these demos, but assume that's a variable. When the
application is "Mozilla", the app displays that string. Same for Beonex.
>
> *How* do
>
>> Allow Netscape to update your CAs automatically from Netcenter
>>
> you want to push new CA certs to users? Does PSM poll a server each day?
> (BTW: again: Beonex users don't want to get certs from Netcenter.)

This is a future feature. It won't show up until after PSM 2.0. You'll
be able to tune it for your customers.

-Bob
--
Bob Lord
Director, Security Engineering
Netscape Communications Corp.
http://www.mozilla.org/projects/security/pki/
http://people.netscape.com/lord/open-reqs.html