- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 16 Feb 2015 16:31:56 +1100
- To: Ryan Sleevi <sleevi@google.com>
- Cc: "www-tag@w3.org List" <www-tag@w3.org>
> On 16 Feb 2015, at 4:12 pm, Ryan Sleevi <sleevi@google.com> wrote: > > On Sun, Feb 15, 2015 at 6:30 PM, Mark Nottingham <mnot@mnot.net> wrote: > >> CA certs and extensions are built into all of the major browsers. > > This is demonstrably not true. > > Chrome (on most platforms), Opera (post-Blink) IE, Safari, and Firefox > (as packaged by every major Linux distro, but not as distributed by > Mozilla) all treat CA certificates as part of the OS/operating > environment, much in the same way that name resolution is. Of course. I was more referring to the fact that they're available when using all browsers. > Of those that distribute certs in-band, this is only Firefox (as > distributed by Mozilla) and Opera (prior to Blink). > > I realize I'm ignoring a large swathe of UAs in that mix, but I think > if we're going to use terms like "all major browsers", then it's worth > noting how incorrect this statement is. Noted. It'd be great if you could address the overall topic, rather than picking at terminology, building straw men, etc... >> Because this is a question of how the Web is presented to and understood by end users, > > Having the W3C issue findings on how the Web presents security indica > has historically gone over like a lead balloon (c.f. > http://www.w3.org/TR/wsc-ui/ ) Yep, I know. W3C has done many things wrong in the past. It's also learned how to do some things right in the meantime. Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Monday, 16 February 2015 05:32:24 UTC