Re: [Epiphany] Security/Certificates design

[Robert Marcano <robert marcanoonline com>]

On Sat, 2003-10-18 at 16:22, Marco Pesenti Gritti wrote:
> On Fri, 2003-10-17 at 11:42, Robert Marcano wrote:
> > On Fri, 2003-10-17 at 17:11, Marco Pesenti Gritti wrote:
> > > So I did a bit of work on the long time ago proposed document on
> > > security. You can see it at:
> > > http://www.gnome.org/~marco/security.html
> > > 
> > > As showed by spark feedback on it, there is still a lot of work to do.
> > > http://www.gnome.org/~marco/security-spark.html
> > > 
> > > Though I'd be happy to hear opinions, analysis on the possible problems
> > > etc...
> > > 
> > > Unfortunately I'm being very busy these days with a lot of other things,
> > > maybe someone want to take it in his current draft status and work on
> > > the problems. Note that there is still no mention of the exact
> > > interface. It's just an analysis of the conceptual model and of the user
> > > tasks. I think we want to be more mature on these before starting to
> > > talk of an user interface implementation ...
> > > 
> > > Marco
> > 

....

> > 4) Edit the list of autorithies
> > 
> >   Many banks issue certificates, but not use a known certificate
> > authority, they act as the certificate authorite. So when i import my
> > bank certificate using a PKCS12 file, it installs the bank certificate
> > as a CA certificate. Installation and Removal of this is needed on
> > intranet sites too that has internal certificate authorities
> 
> Yeah. My main concern here is to expose CA Root Certificate thing.
> Both terminology and logic (hierarchy of certificates) are very hard to
> understand.
> 

An important aspect that i noted with mozilla is that CA distributed
with it can not be removed, the call to the remove method is sucessfull
but it never removes it, neither sith the root user