[TrustBar] [Fwd: Re: Low assurance SSL CAs]
Ian G
iang at iang.org
Tue Feb 22 15:51:21 EST 2005
Duane wrote:
>On Tue, February 22, 2005 20:15, Amir Herzberg said:
>
>
>
>>I am very supportive of your first proposal. In fact, what TrustBar
>>already does is allow the user to select name/logo for each CA (by
>>default this is the name of the CA, or logo if it is a CA we took the
>>trouble of putting the logo in our code - currently only for VeriSign
>>but we hope to add few more soon; and it is very easy to select a logo
>>by the user). This already allows user to distinguish between more
>>trusted and less trusted identifications (e.g. by verisign cf. to by
>>some of the less careful CAs - and many CAs make very limited
>>validations).
>>
>>
>
>Any chance of adding a logo for CAcert by default as well? :)
>
>
Duane! Don't ask for these things... Just do them!
Download the plugin, figure out what size logo is
applicable by copying the VeriSign sizes, and send
the appropriate set to Amir and Ahmad.
:-) In all seriousness, Amir and Ahmad haven't the
time to create a policy as to how to do all this, so
do the heavy lifting for them; get your logos over
to them, and help them by trialling the TrustBar
so configured with your users.
[ I suppose someone has to figure out how to bind the
logo to the root cert. Some sort of sig process would
be nice. It's not essential, it can be simulated by the
product distributor just including them in the package
(now WebTrust, later on Mozilla). Something for the
future. ]
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
More information about the TrustBar
mailing list