(Just briefly, the Certificate Authority needs to be shown.
How exactly does this help the average user, who has no idea who "Verisign" are, and whether they should be trusted any more than "VirtuaRoot" (a name I just invented)?
Further,
the cert needs to "tracked" by the browser, and a relationship built
up. I've suggested a usage count (100 times to this site, you must
like it!).
That's a reasonable idea - sort of like a history for certs. But still can't see how you can detect and warn the user of a problem. Do you pop up "New secure site" every time you visit a new SSL site?
Amir and Ahmad have suggested that the user sign off on
the cert and even coded it up,
Again, how on earth do you get the user to make a meaningful decision here?
while Tyler has suggested the use of petnames for the user's idea of what each site is.
We have that - it's called bookmark keywords.
Gerv _______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
