Today, mozilla has a set of "trust flags" for each CA cert stored in
the profile, or in the "built-in" root CA list.
For each such CA cert, there are effectively 3 trust flags
(there are more, but only 3 are exposed through the UI)
which are:
trusted to issue SSL server certificates,
trusted to issue S/MIME certificates, and
trusted to issue "object signing" certificates.
(object signing refers to signing of downloaded java and javascript).
Each of these is binary, represented as a checkbox.
One could imagine that instead of binary, these have levels of trust. I would initially propose three levels:
  High assurance (banking, e-commerce).
  Low assurance (when no money is involved).
  No assurance (untrusted).
CA's would come with preconfigured levels of assurance, just as they do now, but there would be 3 levels, not 2.
I would propose that when viewing a web site with a low assurance root CA, some kind of large ugly icon be displayed in the chrome, with a "tool tip" that says something like "This web site may or may not be who they say".
I would also propose that for email settings (e.g. SMTPS, IMAPS), the user would have a way of telling mozilla, "only allow the connection to this server if the root CA for it is (.) high, ( ) low assurance."
This is mostly a PSM change. NSS would answer the question: "is it trusted at all?" (as NSS does now) and PSM would have to separately determine (perhaps through a separate NSS function call) the level of that assurance.
This might allow the mozilla foundation to ship CA certs whose full trustworthiness cannot readily be determined.
Whaddaya think? [I expect to be called a heretic.]
-- Nelson B
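A small model of the proposal above, added here as an illustration and not code from the post, NSS or PSM: a constructed root store carries a per-usage assurance level, one function answers the binary "trusted at all?" question the way NSS does today, a separate function returns the level for PSM, and two PSM-side policies (the web-site warning icon and the user's minimum level for SMTPS/IMAPS) are built on top. All CA names, function names and the `Assurance` enum are hypothetical.

```python
from enum import IntEnum


class Assurance(IntEnum):
    """The three proposed trust levels, ordered so they can be compared."""
    NONE = 0   # untrusted
    LOW = 1    # no money involved
    HIGH = 2   # banking, e-commerce


# Constructed sample root store: one assurance level per CA per trust flag.
# The three usages mirror the three flags exposed in the UI today.
ROOT_STORE = {
    "Example High Assurance Root": {
        "ssl_server": Assurance.HIGH, "smime": Assurance.HIGH, "object_signing": Assurance.NONE},
    "Example Low Assurance Root": {
        "ssl_server": Assurance.LOW, "smime": Assurance.LOW, "object_signing": Assurance.NONE},
}


def nss_is_trusted(ca: str, usage: str) -> bool:
    """Binary answer, as NSS gives now: is the CA trusted at all for this usage?"""
    return ROOT_STORE.get(ca, {}).get(usage, Assurance.NONE) > Assurance.NONE


def psm_assurance_level(ca: str, usage: str) -> Assurance:
    """The separate call PSM would make to learn *how much* the CA is trusted."""
    return ROOT_STORE.get(ca, {}).get(usage, Assurance.NONE)


def web_site_indicator(ca: str) -> str:
    """What the chrome shows for a web site whose chain ends at this root."""
    if not nss_is_trusted(ca, "ssl_server"):
        return "error"            # not trusted at all: today's behaviour
    if psm_assurance_level(ca, "ssl_server") == Assurance.LOW:
        return "warning-icon"     # large ugly icon plus the "may or may not be" tool tip
    return "ok"


def mail_server_allowed(ca: str, required: Assurance) -> bool:
    """SMTPS/IMAPS: only connect if the root meets the user's chosen minimum."""
    if not nss_is_trusted(ca, "ssl_server"):
        return False
    return psm_assurance_level(ca, "ssl_server") >= required
```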
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
