- From: timeless <timeless@gmail.com>
- Date: Sun, 14 Jun 2015 13:40:38 -0400
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Public TAG List <www-tag@w3.org>
Mark Nottingham wrote: > That’s a good question. I’m not a UX person, and don’t pretend to be one. > My issue is that the user isn’t warned at all, and the default — power to MITM — is surprising, > unless you understand how PKI works. > In a perfect world, browser trust stores would only allow CAs to be installed if they have name constraints (perhaps respecting the public suffix list). > Since that horse has already bolted, it’s more difficult. I don't think it's intractable [1]. [1] https://lists.w3.org/Archives/Public/www-tag/2015Jun/0007.html
Received on Sunday, 14 June 2015 17:41:10 UTC