[...]. A user could state "I trust this CA for everything but banking", but ther there would have to be some means by which mozilla could tell when the user was trying to achieve banking, and I rather think that's infeasible. You visit your friend's web page, and he redirects you to your bank's web page. How does mozilla know whether you're banking or not?
The correct pkix/x509 answer to that is policies.
Policies are supposed, if properly used, to enable that sort of things.
You'd establish that such and such policies are to be trusted for such specific use, and then you'd check before that use that one of these policies applies to the cert you're provided with.
Most of the infrastructure needed to see that really work is missing. _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
