Ram0502 wrote:
That's an interesting suggestion, it provides the same kind of authentication for HTTPS as the above does for secure email. If the session is initiated by the CA this proves the ability to control the host at the specified location. I wouldn't give them my CC# but it does create a relationship. I wouldn't provide any sensitive information to them as they could be hard to track down if I were facing fraud as presumably I wouldn't know their identity.
But what if the certificate is only used to protect passwords for webmail and doesn't need the ability to be found for fraud?
Binary security can't deal with both situations simultaneously and adequately, it needs to indicate visually the level of security...
--
Best regards, Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right, but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto