- From: Ryan Sleevi <sleevi@google.com>
- Date: Sun, 15 Feb 2015 21:12:13 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: "www-tag@w3.org List" <www-tag@w3.org>
On Sun, Feb 15, 2015 at 6:30 PM, Mark Nottingham <mnot@mnot.net> wrote: > CA certs and extensions are built into all of the major browsers. This is demonstrably not true. Chrome (on most platforms), Opera (post-Blink) IE, Safari, and Firefox (as packaged by every major Linux distro, but not as distributed by Mozilla) all treat CA certificates as part of the OS/operating environment, much in the same way that name resolution is. Of those that distribute certs in-band, this is only Firefox (as distributed by Mozilla) and Opera (prior to Blink). I realize I'm ignoring a large swathe of UAs in that mix, but I think if we're going to use terms like "all major browsers", then it's worth noting how incorrect this statement is. > Because this is a question of how the Web is presented to and understood by end users, Having the W3C issue findings on how the Web presents security indica has historically gone over like a lead balloon (c.f. http://www.w3.org/TR/wsc-ui/ )
Received on Monday, 16 February 2015 05:12:41 UTC