[16793] in cryptography@c2.net mail archive
Re: Can you help develop crypto anti-spoofing/phishing tool ?
daemon@ATHENA.MIT.EDU (Daniel Carosone)
Wed Feb 2 22:28:55 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 3 Feb 2005 11:00:36 +1100
From: Daniel Carosone <dan@geek.com.au>
To: Amir Herzberg <herzbea@macs.biu.ac.il>
Cc: cryptography@metzdowd.com
Mail-Followup-To: Amir Herzberg <herzbea@macs.biu.ac.il>,
cryptography@metzdowd.com
In-Reply-To: <4201340A.3030505@cs.biu.ac.il>
--magLDk5D4XGaUXcd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Feb 02, 2005 at 10:11:54PM +0200, Amir Herzberg wrote:
> We develop TrustBar, a simple extension to FireFox (& Mozilla), that=20
> displays the name and logo of SSL protected sites, as well as of the CA=
=20
> (so users can notice the use of untrusted CA).=20
Other merits of the idea aside, if the user knows the CA is untrusted,
what's it doing in the browser's trust path?
If we're going to assume users are capable of making this decision, we
should make it easier for them to express that decision properly
within the existing mechanism.
--
Dan.
--magLDk5D4XGaUXcd
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (NetBSD)
iD8DBQFCAWmkEAVxvV4N66cRAuXmAJ4kW002g7QLnZCbynSz2habmYEaGwCgnqDy
LTx0jKdA/q3wv0DU8n7zKxo=
=Pip9
-----END PGP SIGNATURE-----
--magLDk5D4XGaUXcd--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
