Re: [Epiphany] Security/Certificates design

From: Robert Marcano <robert marcanoonline com>
To: epiphany mozdev org
Subject: Re: [Epiphany] Security/Certificates design
Date: Fri, 17 Oct 2003 15:46:47 -0000

On Fri, 2003-10-17 at 17:11, Marco Pesenti Gritti wrote:
> So I did a bit of work on the long time ago proposed document on
> security. You can see it at:
> http://www.gnome.org/~marco/security.html
> 
> As showed by spark feedback on it, there is still a lot of work to do.
> http://www.gnome.org/~marco/security-spark.html
> 
> Though I'd be happy to hear opinions, analysis on the possible problems
> etc...
> 
> Unfortunately I'm being very busy these days with a lot of other things,
> maybe someone want to take it in his current draft status and work on
> the problems. Note that there is still no mention of the exact
> interface. It's just an analysis of the conceptual model and of the user
> tasks. I think we want to be more mature on these before starting to
> talk of an user interface implementation ...
> 
> Marco

Nice work. I have a few suggestions

1)User Certificate = rename it Personal Certificates

2)Exchange information with a secure connection. ... We have two forms
of feedback right now: icon in the statusbar (not very visible)

  why not show a different spinner in order to show that the user is
navigating with a secure connection?

3) Import/Export certificates: I'm not sure how many people will use it
and it can create interesting ui issues. But, it's usually possible to
reinstall it right ?

  It is needed for example, Bank website install the certificate a my
work computer, but i need to export and import it to my home machine.
The bank can not give me the certificate again, so if i request it again
it will reissue a new certificate, so my work certificate will now be
marked as invalid

4) Edit the list of autorithies

  Many banks issue certificates, but not use a known certificate
authority, they act as the certificate authorite. So when i import my
bank certificate using a PKCS12 file, it installs the bank certificate
as a CA certificate. Installation and Removal of this is needed on
intranet sites too that has internal certificate authorities

5) I will create a few certificates Personal / Site / CA (using openssl)
in order to you guys practice with them, give me a few days ;-)

> 
> _______________________________________________
> Epiphany mailing list
> Epiphany@mozdev.org
> http://mozdev.org/mailman/listinfo/epiphany

Follow-Ups:
- Re: [Epiphany] Security/Certificates design
  - From: Marco Pesenti Gritti

References:
- [Epiphany] Security/Certificates design
  - From: Marco Pesenti Gritti

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]