Re: Re: [Epiphany] 1.2 plan revisited

From: Robert Marcano <robert marcanoonline com>
To: Piers Cornwell <piers myrealbox com>
Cc: epiphany mozdev org
Subject: Re: Re: [Epiphany] 1.2 plan revisited
Date: Mon, 27 Oct 2003 16:11:04 -0000
On Mon, 2003-10-27 at 11:30, Piers Cornwell wrote:
> Robert, what do you think to just implementing User Certs first?

I really think that we should implement all three options (personal,
server, CA), i don't like to write the code and UIs designed for
personal certificates, and when the times comes to implement the other
types noticing that the current UI does not mixes well with the changes.
(the code to manage CA is not really much different to thoe other types,
the only addition is a different properties dialog)

Read below about the CRLs/OCP issue

Note: my bank certificate install a CA too if I import it from a PKCS12
file in mozilla

> 
> Had a quick look at your mockups for PDM/CA managing: I couldn't see anywhere to set the master password -- were you thinking of putting this somewhere else?

Opps i forgot that on the mockups, in the patch, the certificate manager
dialog has a dialog button called "Password" or "Master Password" (I
don't remember ;-) but does nothing yet)

> 
> Also, I don't really like having the "Manage Certificate Authorities" button visible when you're viewing User Certificates (since it's not relevent there).
> 
> Also, what does the "Properties" button do?

Depends of the certificate type, you can select if you trust it (for
example self signed server certificates) or to indicate which types of
certificates can it be used, for example a CA certificate can be
configured to only be used to thrust web server certificates

> 
> Marco, on a sidenote, i think we can ignore everything about CRLs/OCSP for now. In the long term future we could have some logic whereby if the user is online and the certificate specifies an OCSP location, we could validate against that.

The existence of CRLs and OCSP make one point in favor of a separated
Certificate Manager dialog (maybe not now, but if implemented), if we
integrate with PDM we may find everything scattered in many parts, like
currently is in mozilla, CRLs are not managed in the same Certificate
Manager dialog but in another preferences dialog tree item

Central location of all activities related to certificates is my
preferred UI, that is the reason i put the "Manage CA Certificates" in
the PDM mockup, I really will not like to do the following when removing
my bank certificate:

1- Open the PDM dialog in order to remove my personal certificate
2- Open the dialog where the CAs are managed in order to remove my Bank
CA Certificate (at least not outside the PDM dialog)

Maybe we could implement a Certificate Manager following the history
dialog layout

-----------------------------------------------
Menu Bar with actions (Remove, Properties, etc.)
-----------------------------------------------
Personal | Certificate A
Server   | Certificate B
CA       | Certificate C
CRLs*    |
...      |
...      |
         |
         |
         |

* for future extension

PD: From the last week my bank web site does not requires a user
certificate anymore, so I don't need this patch .... just kidding, i
really want this feature implemented

> 
> Thanks,
> 
> -Piers
> 
> -----Original Message-----
> From: Robert Marcano <robert@marcanoonline.com>
> To: Piers Cornwell <piers@myrealbox.com>
> Date: 27 Oct 2003 09:29:26 -0400
> Subject: Re: [Epiphany] 1.2 plan revisited
> 
> On Sat, 2003-10-25 at 08:06, Piers Cornwell wrote:
> > Hi,
> > 
> > I think it makes sense for us to kick off by supporting User 
> > Certificates. We can do this without worrying about website and CA certs 
> > for now.
> > 
> > As background, you may want to read Marcos certs overview here:
> > http://www.gnome.org/~marco/security-spark.html
> > 
> > The general user model for User Certs is layed out here:
> > http://www.sparknet.pwp.blueyonder.co.uk/user-certs.htm
> > 
> > A concept for the main bit of UI involed:
> > http://www.sparknet.pwp.blueyonder.co.uk/certui.txt
> > ...this doesn't include the dialogs that simply ask you for the password 
> > - it should be fairly obvious how they'd look.
> > 
> > This is pretty similar to Roberts previous UI mockup 
> > (http://bugs.gnome.org/showattachment.cgi?attach_id=20406) but 
> > integrated with PDM. Robert: Is it possible to just have a list of certs 
> > instead of Mozillas treeview?
> 
> I captured a proposal of a PDM integrated Certificate Manager (files are
> attached to the bug). I separated the CA certificates to a different
> dialog in order to show to the user only the basic certificates
> (personal and server). It follows the same pattern that is used in the
> settings dialog for the language selection: let the user select a
> language but more advanced settings are managed by a different Languages
> Dialog
> 
> The current patch does not show the certificates as a tree, i thought
> that it is not useful to look them as as tree because simple actions
> like ordering by name/description can not be done in an easy to read way
> 
> 
> > FYI, screenshots of the user model given above in Internet Explorer:
> > http://www.sparknet.pwp.blueyonder.co.uk/ie.htm
> > 
> > Comments, suggestions?
> > 
> > Thanks.
> > 
> > -Piers
> 
>
References:
- Re: Re: [Epiphany] 1.2 plan revisited
  - From: Piers Cornwell
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]