I expected to be called a heretic for this proposal by some of my
coworkers on NSS/PSM, some of whom have previously expressed the view that
there is no point to multiple levels of CA security. They might say it
as "if you're going to tell the user that the security is dubious, then
why bother to claim it's secure at all?" I have no good answer to that.
They probably just haven't read this proposal yet. :)

Still an issue either way, I doubt many CAs would like these things happening to their certificates as it's the warning messages now that cause issues like that, so perhaps your co-workers are right, and the existing system of trust or no trust is still the best way of instilling things, perhaps just a better way of explaining what an untrusted certificate is, and how you will still be encrypted just not a valid CA etc etc etc... I'm sure there are much more articulate people out there working with the MF that can come up with something for this...
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
