Closed
Bug 101354
Opened 23 years ago
Closed 8 years ago
Various feature requests for unknown CA alert
Categories
(Core Graveyard :: Security: UI, enhancement, P4)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1241065
People
(Reporter: timeless, Unassigned)
References
()
Details
try to load https://sourceforge.net in a new mozilla w32 build
get:
There is a problem with the certificate that identitfies "sourceforge.net". Do
you want to continue?
The certificate was issued by a certificate authority that Mozilla does not
recognize.
<View Certificate>
[ ] Remember this certificate permanently
<Continue> <Cancel> <Help>
ok. there is not one problem, there are at least 3 problems.
1. there's no title, to be useful i'd like the site "sourceforge.net" to be
listed in the title if nothing else. <- i'll file this as a new bug if people object
2. the issuer is not listed in the dialog (you have to view the certificate,
which takes forever to open and close). <- i'll file this as a few new bugs if
people object
3. you can't add the authority from this dialog (or the details dialog). <- this
is the raison d'être
4. The text at the top of the message is so generic as to be utterly useless. I
need to skip it because it contains no useful information. <- i'll complain
elsewhere if people wish
5. Continue what? by the time i've gotten to continue i'm not quite sure what
i'm doing because the question is asked, and then a random statement (explaining
why you asked the question) is given, and then i get some choices. Which of
course don't match the question.
6. I seem to recall that spec required Certificate Authority to use initial caps.
ok, well there are two more big ones, which i need to file separately
7. View Certificate needs to be able to <validate> against the certificate
authority w/o requiring the authority to be added
8. This stupid dialog stops *ALL* network traffic.
ok so this is more than 3 ...
9. The authority for sourceforge is major. And therefore i should not have
gotten this dialog in the first place.
Here are two proposals.
1. Add <Add Authority> to the left of <Continue> and make it do what it says
(including dismiss the dialog -- i think...)
2. Rework the dialog to do at least 1.
<dialog title="Unknown Certificate Authority for &sitename;">
<image class="alert"/>&issuername;, the issuer of this certificate is not in
your Certificate Authority list.
<hbox><button label="Add Authority"/><button label="View Certificate"/><button
label="Help"/></hbox>
<hbox><button label="Remember Certificate"/><button label="Accept
Certificate"/><button label="Cancel"/></hbox></dialog>
This form would go nicely with the following other forms:
<dialog title="Certificate for &sitename; expired &daydelta">
<image class="alert"/>It was issued on &issuedate; and expired on &expirydate;.
<hbox><button label="View Certificate"/><button label="Help"/></hbox>
<hbox><button label="Remember Certificate"/><button label="Accept
Certificate"/><button label="Cancel"/></hbox></dialog>
Updated•23 years ago
|
OS: Windows 98 → All
Comment 1•23 years ago
|
||
The UI for this dialog was redesigned under mpt's guidelines, with input by doc
writers, etc..., by Hwaara (see bug 91466).
We're also thinking of implementing bug 99411, which would moot most of the
issues listed in the bug.
sourceforge.net CA is already in the browser. something must be wrong with
either your build, or your profile.
Severity: normal → enhancement
Priority: -- → P4
Target Milestone: --- → Future
my profile is less than one month old, and has only seen 2 or 3 mozilla
versions. However, it was created by winEmbed and not mozilla. I'll try a new
profile today.
Yes mpt and hwaara reworked the dialog, however in our view (me and some
colleagues @work) the dialog is totally useless.
the fact that you're considering bug 99411 indicates that some of the design
theories that formed the basis for their reworking were fatally flawed.
In the interim, please implement 1.
Comment 3•23 years ago
|
||
I wanted Håkan to do what's described in bug 99411 instead of bug 91466, but he
wanted to decruft the individual alerts first. So the reasoning for Timeless's
`fatally flawed' statement is rubbish.
(1) is invalid, because it would slow the user down by misleading them into
thinking that the title was useful, when it wouldn't be because the
hostname is in the alert text already.
(2) is a good point which should be fixed. (I can't remember why it wasn't done
in the first place.)
(3) is possible, though it would need to replace the current checkbox since
having more than one checkbox in a confirmation alert would be really icky.
(4) is necessary preparation for bug 99411, so it's rather amusing to advocate
that bug while simultaneously complaining about its text.
(5) is invalid. The question asks if you want to continue, and the button is
labelled `Continue'. Just like an alert which asks you if you want to save,
where the button is labelled `Save'.
(6) I have no idea about, but it sounds like a bug in the spec.
(7) would be nice -- it could be a `Validate...' button alongside `Cancel' and
`Continue'.
(8) is a separate Networking bug, probably.
(9) seems to be your profile.
So, we want:
* the name of the unknown CA included in the alert text
* changing the checkbox text and function to `Accept future certificates
issued by {name of authority}'
* the ability to validate a certificate issued by an unknown CA (is this
possible?)
* certificate checks to refrain from blocking other HTTP requests.
These are highly unrelated features, so they really need separate bugs.
Hardware: PC → All
Summary: There is a problem with the dialog that does not identify itself, it portrays that the certificate that identifies some server was issued by an unrecognized (albeit major) issuing authority → Various feature requests for unknown CA alert
Comment 5•21 years ago
|
||
Mass change "Future" target milestone to "--" on bugs that now are assigned to
nobody. Those targets reflected the prioritization of past PSM management.
Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---
Updated•18 years ago
|
QA Contact: junruh → ui
Given that bug 327181 has now been fixed, is this bug relevant anymore?
2 is most certainly not fixed (there might be a bug for it), but yes, find me a bug for that and you're free to mark this as wfm/wont
Comment 8•8 years ago
|
||
2 will be addressed by bug 1241065.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•