Gervase Markham wrote:
Both of these are very difficult. I know that, as a user, if I want to
buy �205 of books from Amazon, the fact that my browser has a little
�200 displayed somewhere would make no difference whatsoever.
Yes. Bear in mind that the requirement is
imposed on the CA, nobody else. This is the
same convention I saw in cheque cards, where
the number 50 was often used to support
transactions up to maybe 200, etc. It's the
choice of the merchant and consumer as to
what they do with the additional information
they have available to them. The merchant
is not "required" to pay attention.
Also, what if the value is in euros, for example, and I'm in the UK,
and the site accepts either currency? We may need to contact a
currency conversion web service in order to make the UI meaningful. Or
have the converted value as a tooltip.
Point. People have tried this in the digital
currency world, and generally gone over to
a static conversion. Dynamics cause too
many problems. Unfortunately, a static
conversion makes no sense here as the
cert was created at least days ago...
For Firefox and Mozilla, it seems that the only sensible place to put
it would be next to the lock in the status bar.
What is it you are going to put next to the
lock? It seems to me that the statement is
potentially large and bulky...
You could do half of what I suggested earlier
(and I think it was suggested that IE/Opera
do this) and put a Warning icon next to the
lock that was the same formfactor. Clicking
would then bring up (any) critical display in
a generic form.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
