9 messages in org.mozilla.lists.dev-tech-crypto: Re: Comment on tls-srp enhancement?
Subject: Re: Comment on tls-srp enhancement?
From: Nelson Bolyard (NOne@NObolyardSPAM.com)
Date: Dec 8, 2007 6:51:15 pm
List: org.mozilla.lists.dev-tech-crypto

Steffen Schulz wrote, On 2007-12-07 19:50:

> On 071208 at 01:25, Nelson Bolyard wrote:

[snip]

>> Do you have a companion bug/RFE for adding the necessary UI support to PSM (Personal Security Manager), the Mozilla software component that does UI for crypto-related issues? Having SRP in NSS won't do much good unless the necessary UI is also present.
>
> No patch as of now. Larry from FF3 displays the identity of the server as the main aspect, but with SRP there may be mutual authentication but no certificate information at all. I also personally dislike Larry.
>
> Now if I write a PSM patch, I'd have to integrate it into the existing security interface. A lot of fuss about sth that is IMHO inherently broken.

If FF doesn't have any built-in UI for SRP, I think I have a harder time justifying the inclusion of SRP in NSS. I think it's a feature that would be included exclusively for use in the browser, so if the browser can't use it "out of the box", there may be push back on it.

> So the plan was to create a FF extension instead. One that 'fixes' how the security status is displayed (and perceived, hopefully), and also includes some other ideas with regards to phishing attacks. Then the patch against PSM should be very small if needed at all. I hope this way it will be easier to settle on the way the security interface should work and it may also help to evaluate how some other ideas perform.

Easier? Because it's easier to obtain forgiveness than permission? :-)

[snip]

> Regards, /steffen

Regards, /Nelson