Duane wrote:
But how can you trust a process going on behind closed doors and excluding everyone else?
We're not developing security protocols, we're developing best practices and UI. And I am very strongly of the opinion that there needs to be a public review process, and have made that point and will make it again.
Furthermore, another example of what I'm talking about was with Comodo trying to lock trust bar into their patents; for US businesses this seems to be business as usual, the only thing surprising me is the Mozilla guys falling hook, line and sinker for it... No wonder Gerv didn't want blogs and/or slashdot postings about it, it would blow the lid off the entire thing at how Mozilla is selling out its user base to the same vested commercial interests it's supposed to be an alternative for!
Well, it's certainly this sort of unfounded paranoia that probably would blow the lid off the embryonic ground-breaking collaboration we've managed to achieve. Do you think all the browser makers collaborate regularly? So go ahead, shoot your mouth off, create a security scandal - some large company will rush out a patch containing the best UI that comes to mind, and we'll all have to copy it if we want consistency.
At the moment, phishers aren't using SSL. This gives us breathing space to reinforce it so that when they do, we'll be ready. That's what I hope to take advantage of with this work.
Gerv

_______________________________________________
Mozilla-security mailing list
http://mail.mozilla.org/listinfo/mozilla-security
