398203 - "When a website requires a certificate" in Advanced-Encryption options is incomprehensible

Status: RESOLVED FIXED

(Firefox :: Settings UI, defect)

Description

[Steffen Wilberg]

In Options->Advanced->Encryption->Certificates, the pref "When a website requires a certificate" is incomprehensible. I didn't understand it until I learned from bug 395399 that it's about *personal* certificates: It's *you* who's identifying himself to the web site, instead of the usual username/password method. The certificate is about *your* identity, not that of the web site.

I'm updating the help text in bug 384997, but this needs to be fixed in the UI as well.
Explanation from the suggested help text:
  Some web sites require you to identify yourself with a personal
  certificate. In order to do so, they generate one for you and ask
  Firefox to store it. When you visit the site in the future,
  Firefox selects the certificate without asking you by default. If
  you wish to manually choose a certificate (for example, if you have
  multiple certificates stored for multiple web sites), select the Ask
  me every time pref and you'll be in complete control of
  what certificates are being sent to web sites while browsing.

The SeaMonkey text is more verbose: "Decide how SeaMonkey selects a security certificate to present to web sites that require one". It's speaking of presenting a certificate, but still missing that it's a personal certificate, identifying yourself to the web site.

I'd suggest to add the word "personal" to the label like this:
-When a web site requires a certificate:
+When a web site requires a personal certificate:

Comment 1

[Mike Beltzner [:beltzner, not reading bugmail]]

I don't think this blocks, but it's definitely wanted and seems like a label-only fix.

Comment 2

[Kai Engert (:KaiE:)]

(In reply to comment #0)
> -When a web site requires a certificate:
> +When a web site requires a personal certificate:

This is for the label that prefixes the "ask always" or "select automatically" choice.

What about using "your" in the label?

  "When a web site requires your personal certificate"

Comment 3

[Johnathan Nightingale [:johnath]]

(In reply to comment #2)
> What about using "your" in the label?
> 
>   "When a web site requires your personal certificate"

That seems much clearer to me.  I don't know if it meets the criteria for requiring a string ID rev or not?

Comment 4

[Kai Engert (:KaiE:)]

Maybe we shouldn't say "requires", but say "requests".

There are websites that have "client auth" set to optional.
That is, when you attempt to visit the site, the ssl handshake will request that you hand over a client cert.
If you don't have a cert, or if you refuse to use it, the web site has a choice to:
(a) refuse the connection
(b) show the web page anyway

When doing (b), the web page would probably show content only appropriate for anonymous users.

Furthermore, this is not restricted to "web sites". It applies to any "server" that you do SSL with.

So, my next proposal is:

  "When a server requests your personal certificate"

Comment 5

[Kai Engert (:KaiE:)]

(In reply to comment #3)
> I don't know if it meets the criteria for
> requiring a string ID rev or not?

I think it's a good idea to do a string ID change.

Comment 6

[(no longer active)]

Attachment: Patch (v1)

This patch changes the string's ID as well, as suggested in comment 5.  I've CC'ed firefoxl10n@hotmail.com, and I guess the change in the string ID would alert the localizers to sync soon.

Comment 7

[(no longer active)]

Comment on attachment 295287 [details] [diff] [review]
Patch (v1)

This needs some acceleration because the l10n freeze is near.

Comment 8

[(no longer active)]

Waiting for Beltzner's ui-r.

Comment 9

[Johnathan Nightingale [:johnath]]

Comment on attachment 295287 [details] [diff] [review]
Patch (v1)

>-<!ENTITY certselect.description          "When a web site requires a certificate:">
>+<!ENTITY certSelection.description       "When a server requests your personal certificate:">
> <!ENTITY certs.auto                      "Select one automatically">
> <!ENTITY certs.auto.accesskey            "l">
> <!ENTITY certs.ask                       "Ask me every time">
> <!ENTITY certs.ask.accesskey             "i">

I do think that personalizing it is better, but this change creates the prompt:


When a server requests your personal certificate:

( ) Select one automatically     ( ) Ask me every time


It's a little bit odd to read it changing from 2nd person "your" to 1st person "me" in mid-sentence.  Most of our other preferences use first person when they involve the user making an expression of preference ("Remember what I've downloaded", "Ask me before clearing private data").  The comparatively rarer use of 2nd person seems is reserved for cases where we are describing what kind of dialog a widget will launch ("Choose your preferred language for displaying pages  [ Choose... ]").

I suggest changing the string to "When a server requests my personal certificate:"  You can have my ui-r for it with that change, but of course beltzner is welcome and invited to overrule.  :)

Comment 10

[(no longer active)]

Attachment: Patch (v1.1)

Addressed comment 9, waiting for beltzner's ui-r :-)

Comment 11

[Mike Beltzner [:beltzner, not reading bugmail]]

Comment on attachment 298960 [details] [diff] [review]
Patch (v1.1)

uir+a=beltzner

Comment 12

[Reed Loden [:reed]]

Checking in browser/components/preferences/advanced.xul;
/cvsroot/mozilla/browser/components/preferences/advanced.xul,v  <--  advanced.xul
new revision: 1.46; previous revision: 1.45
done
Checking in browser/locales/en-US/chrome/browser/preferences/advanced.dtd;
/cvsroot/mozilla/browser/locales/en-US/chrome/browser/preferences/advanced.dtd,v  <--  advanced.dtd
new revision: 1.30; previous revision: 1.29
done