Bug 803975 Comment 13 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(Hidden by Administrator)
In the time this has been open, I've left the corporate world and don't deal with the corporate servers any more :-)

As for the default - it should be consistent with other places that request a certificate decision - e.g. Firefox.  I think it was mentioned that the dialog is common.

Default is also ambiguous.  For FF, there is a global option "select one automatically" or "ask every time", which is a default when accessing a new site.  That's distinct from the default selection when a dialog comes up for a site. (Due to ask, or automatic fails.)  I assume you mean the latter, since TB doesn't have (so far as I know) a global default.

My personal preference would be "Select one automatically", since that is likely to work for most people most of the time.

RE: .6-.7 - I do have examples of websites with "certificate optional" whose behavior is complicated.  In one case, if you provide a certificate, you get admin privileges; if you don't, you're an ordinary user.  Thus, if you want to test the UI, you definitely need a "just this session" option.

In another case, you log in to get a new certificate. Consider a name or role change.  Even if you have a certificate for the old name/role, you don't want to provide it so that you will go through the new certificate flow.  If you end up with multiple roles (and certs), you need to select the correct one each time.

A third case is where you have a certificate that matches and is unexpired - but the server rejects it (perhaps revoked, which the client doesn't check).  Here, you want to revoke the "remember this forever" decision.

For web sites, I handled this with the very awkward "solution" of multiple accounts on the client and/or using different browsers for different servers...

As in .0, I still conclude that for all platforms, the user choices ought to be "Select one automatically", "Use this one", "Don't send any" and, orthogonally, "just for this 'session'" or "remember this choice".  And if remembered, there needs to be a UI option to "forget" and/or change that choice.  "Server Settings" under "Security settings" when "TLS Certificate" is selected would seem to be a good place to see/update the remembered choice.  (See bug 1657588, bug 1657591)
