And, BTW, this applies to any use of these certs, not just https. It also applies to POP, IMAP, SMTP, IMAP and whatever, when run over SSL. So the UI challenge is greater than merely for the browser's chrome.
You're not kidding. This is a really nasty UI problem.
As there is no technical way of enforcing the limit, for enforcement to mean anything, we have to present the limit in the UI in a way which:
- allows the user to work out what it means
- convinces the user that they should not perform transactions greater than it
Both of these are very difficult. I know that, as a user, if I want to buy �205 of books from Amazon, the fact that my browser has a little �200 displayed somewhere would make no difference whatsoever.
Also, what if the value is in euros, for example, and I'm in the UK, and the site accepts either currency? We may need to contact a currency conversion web service in order to make the UI meaningful. Or have the converted value as a tooltip.
For Firefox and Mozilla, it seems that the only sensible place to put it would be next to the lock in the status bar.
Gerv _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
