[cabfpub] Web Security Context: User Interface Guidelines

Gervase Markham gerv at mozilla.org
Tue Sep 18 13:05:38 UTC 2012

On 23/08/12 23:31, Rick Andrews wrote:
> I'm very curious to hear from Brian, Gerv and Ryan what they think
> about this document, and whether they would consider complying with
> these guidelines.

At least two Mozilla people contributed to that document, so I suspect 
we are generally approving of it. Of course, contribution doesn't imply 
total endorsement, and in general, I'd say that our understanding of UI 
best practice is always (we hope!) improving, and we would not want to 
be bound to a particular static set of guidelines issued at a point in time.

I note that it says: " When, during TLS
> negotiation, the end-entity certificate presented or one of the
> intermediate certificates in the certificate chain are found to have
> been revoked, error signaling of class danger (6.4.3 Danger Messages)
> MUST be used."

Do you think that Firefox doesn't do that?


More information about the Public mailing list