Lynx-cert will provide a series of menus which are designed to facilitate certificate management. Users will be able to view their personal certificates as well as those site or CA certificates accessible at the time the management facility is invoked. Users will then be able to modify the trust parameters or delete the certificate. The design of this interface was chosen to be similar to the Lynx Cookie Jar. The top-level interface gives a list of the certificates known to lynx-cert.
For example:
Lynx Certificate Management
You have reached the Lynx Certificate Management Page
Lynx Version 2.7.1
NOTE: Activate links to change the parameter specified. Selecting
the leading link will allow the option of deleting the certificate.
Personal Certificates:
JJ Sipbadmin's MIT ID [more]
Certificate Authorities:
MIT Certification Authority (Semi-trusted) [more]
Site Certificates:
student.mit.edu (Untrusted) [more]
If the link on a site or CA certificate is activated, users will be given the option of deleting the certificate or changing the trust level. There are four classes of trust. If a certificate authority or site is ``fully-trusted'', connections to that site will always be allowed with no special notification. If the certificate authority or site is ``semi-trusted'', connections will be permitted but a brief warning will be given first (e.g. in an alert bar.) Connections to ``untrusted'' sites are disallowed outright. Finally, a site may be configured to prompt the user to either allow the connection each time.
The ``more'' link is linked to a page with specific information about that certificate:
Lynx Certificate Management
You have reached the Certificate Information Page
JJ Sipbadmin's MIT ID
Subject: C=US, SP=Massachusetts, O=Massachusetts Institute
of Technology, OU=Joseph Jeffry Sipbadmin
Issuer: C=US, SP=Massachusetts, O=Massachusetts Institute
of Technology, OU=MIT Certification Authority
Serial Number: 17:01
This Certificate is valid after Thu Sep 22, 1966
but before Wed Apr 4, 2063
Fingerprint: 4B:0D:C5:90:CA:45:39:F7:9A:55:1E:42:2A:7A:29:44
[Display certification chain]
On this subpage, it is possible to bring up information about the Issuer by activating the link on ``Issuer''. If trust information is available, it can also be modified here. The ``Display verification chain'' link will do exactly that -- attempt to verify the certificate as high up as possible.