Duane wrote: > Nelson B wrote: > > > Choosing to be a low-assurance CA is a legit choice, IMO, as long as > > the low assurance CA doesn't then issue certs used in applications > > that require high assurance. > > Is there something that can be done to add extra bits to the server > certs, atm when I see "Class 3" server certificates in the browser it's > purely informational, why not mark those certificates high trust with
> bits in the nss libs and then have the chrome show this information, > maybe instead of a padlock open/closed, have a set of different icons > that show class I agree, I would like to see an indication of the representation being made. > It's really a no brainier to take that 1 step further and issue them > under different root certs etc... That seems to be a defacto standard - public roots tend to be specified with a policy (aka class). _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto