Improve copy for double "verified" for EV certificates

VERIFIED FIXED in Firefox 43

Status

P1
normal
VERIFIED FIXED
3 years ago
3 years ago

People

(Reporter: ttaubert, Assigned: bgrins)

Tracking

Trunk
Firefox 43
Points:
---
Bug Flags:
firefox-backlog +
qe-verify +

Firefox Tracking Flags

(firefox42 affected, firefox43 verified)

Details

(Whiteboard: [fxprivacy])

Attachments

(2 attachments)

(Reporter)

Description

3 years ago
Created attachment 8643236 [details]
Screenshot

We're currently showing a "verified by" and "verified that you are securely..." in the CC subview for EV certs. We should try to de-duplicate that.
Flags: firefox-backlog?
(Reporter)

Comment 1

3 years ago
From bug 1175702:

> @@ +7087,1 @@
> >        verifier = this._identityBox.tooltipText;
> 
> pre-existing nit: This is information we should save in the object instead
> of retrieving again from the tooltip text. I guess we could improve this in
> bug 1191044.

Paolo rightly mentions that retrieving that information from the identity box's tooltip isn't great. We should retrieve it again, or just once and save it to a _field.

Updated

3 years ago
Blocks: 1188565
Flags: firefox-backlog? → firefox-backlog+
Priority: -- → P3
(Assignee)

Comment 2

3 years ago
Ash, any suggestions for the copy here?
Flags: needinfo?(agrigas)

Comment 3

3 years ago
(In reply to Brian Grinstead [:bgrins] from comment #2)
> Ash, any suggestions for the copy here?

Let me check with Tanvi to see her thoughts. Not sure exactly what the difference between these verifying processes is...
Flags: needinfo?(agrigas)

Updated

3 years ago
Flags: needinfo?(tanvi)

Updated

3 years ago
Assignee: nobody → bgrinstead
Status: NEW → ASSIGNED
Iteration: --- → 43.1 - Aug 24
Flags: qe-verify?
Priority: P3 → P1
Comment 4

(In reply to agrigas from comment #3)
> (In reply to Brian Grinstead [:bgrins] from comment #2)
> > Ash, any suggestions for the copy here?
> 
> Let me check with Tanvi to see her thoughts. Not sure exactly what the
> difference between these verifying processes is...

There should just be one verification process of the cert the server sent.  I believe DigiCert is the CA who signed the cert, verifying that the cert is valid and belongs to Mozilla in Mountain View, CA.  I don't think the duplication is too bad, but here are some options:

1. Nightly verified that you are securely connected to this site, run by: Mozilla

Verification by: DigiCert

2. Nightly verified that you are securely connected to this site, run by: Mozilla

Certified by: DigiCert (or Certification by:)

3. Nightly certifies that you are securely connected to this site, run by: Mozilla

Verified by: DigiCert

cc'ing a few people who are more familiar with the cert verification process.
Flags: needinfo?(tanvi)

Comment 5

3 years ago
(In reply to Tanvi Vyas [:tanvi] from comment #4)
> (In reply to agrigas from comment #3)
> > (In reply to Brian Grinstead [:bgrins] from comment #2)
> > > Ash, any suggestions for the copy here?
> > 
> > Let me check with Tanvi to see her thoughts. Not sure exactly what the
> > difference between these verifying processes is...
> 
> There should just be one verification process of the cert the server sent. 
> I believe DigiCert is the CA who signed the cert, verifying that the cert is
> valid and belongs to Mozilla in Mountain View, CA.  I don't think the
> duplication is too bad, but here are some options:
> 
> 1. Nightly verified that you are securely connected to this site, run by:
> Mozilla
> 
> Verification by: DigiCert
> 
> 2. Nightly verified that you are securely connected to this site, run by:
> Mozilla
> 
> Certified by: DigiCert (or Certification by:)
> 
> 3. Nightly certifies that you are securely connected to this site, run by:
> Mozilla
> 
> Verified by: DigiCert
> 
> cc'ing a few people who are more familiar with the cert verification process.

I don't think this is very user-friendly - it doesn't clarify what the purpose of each is. Is there any more plain language we can use?
How important is it that we have "Verified by: DigiCert" in the control center?  If the user (or developer) clicks more information they can see that.

Do users care who signed the cert?  Is it enough to just know that it is one of the CAs on Mozilla's trusted list?  The only case I can think of where I would want to know who verified a cert is when there is a rogue CA who hasn't made it off our trusted list yet.  But when we find out about rogue CAs, aren't we pretty quick about removing them from our list?
Flags: needinfo?(rlb)
Flags: needinfo?(dveditz)
Whatever the actual importance, if we don't show it we may be compared unfavorably to the browsers that do. In the case of EV certs it probably IS important since the CA is asserting an identity. If the Turkish CA is asserting the identity of Chase Bank or IRS web site I am not reassured.

The users who care the most are more interested in the information we don't show, such as the cipher and protocol level--how secure is the connection? That stuff is buried on the Security tab of the page info dialog which is harder to get to than before. Why isn't it a button from the panel shown in the attached screenshot? The name of the site could be a link that opens the View Certificate dialog, something useful.

The "More Information" button takes me to whichever tab of the Page Info dialog I last looked at, and if it wasn't the security tab it's really not obvious why you took me there. I have to click on the side arrow to see the first level of details, then click back, then click "More Information" then click the security tab (and then click the View Certificate button because that's usually what I'm trying to find).

The panel shouldn't say "Nightly verified that you are securely connected to this site", it should just say "You are securely connected to this site". The important bit is not that we did our job but that this is a secure connection compared to a non-secure connection. In the error case we can just say what's wrong, it's partially encrypted, or uses weak encryption, or whatever. "May not be secure".

There are two different things going on here. The CA (DigiCert in the example) is the one who issued the certificate to the site. Depending on the type of cert (EV or not) ownership of the certificate means that the CA "verified" simply that you owned the site, or in the case of EV that you are really that named legal entity. You could also say the CA "certifies" this, or if you want to move away from the jargon terms that have technical meanings you could say the CA "attests" to their identity -- but that's just going to confuse people even more. Mozilla has nothing to do with that process other than let orgs into the club that we think can be reasonably trusted to determine those things.

The other verification is done by the browser, but we don't need to wave our arms and point to ourselves, we're just doing the crypto math expected of us. There are three basic states that correspond to a person going into a restaurant with a bar. If you don't present your ID that's totally fine but you're not getting any drinks (http). If you present an ID that proves you're the appropriate age then you can have drinks with your meal (https). If you present a fake ID we kick you out and call the cops (error page). Magic crypto means we can't be fooled by fake IDs, but if a corrupt DMV official fraudulently issues real IDs to the wrong people we can't tell that. We might trust IDs from California, but not be so sure about IDs from Scamistan.
Flags: needinfo?(dveditz)
Comment 8

Yes, I think we're overthinking this. :)

I'd also suggest simply removing the 3 words "Firefox verified that".

The text becomes:

  You are securely connected to this site, run by:
    [...]
  Verified by: DigiCert Inc.

That removes the double "verified" wording. It's fine for us to simply assert that the connection is secure without subtly trying to explain it.

Comment 9

3 years ago
(In reply to Justin Dolske [:Dolske] from comment #8)
> Yes, I think we're overthinking this. :)
> 
> I'd also suggest simply removing the 3 words "Firefox verified that".
> 
> The text becomes:
> 
>   You are securely connected to this site, run by:
>     [...]
>   Verified by: DigiCert Inc.
> 
> That removes the double "verified" wording. It's fine for us to simply
> assert that the connection is secure without subtly trying to explain it.

That sounds good to me. Can we lock it at that?

Comment 10

3 years ago
That text works for me, although I would note that it's more accurate to say "owned by" than it is to say "run by", since most sites are not run by the person who owns them.

Comment 11

3 years ago
(In reply to April King from comment #10)
> That text works for me, although I would note that it's more accurate to say
> "owned by" than it is to say "run by", since most sites are not run by the
> person who owns them.

Ok - any opposition?
 You are securely connected to this site, owned by:
>     [Mozilla Foundation / address...]
>   Verified by: DigiCert Inc.
(Assignee)

Comment 12

3 years ago
Created attachment 8648220 [details]
MozReview Request: Bug 1191044 - Simplify "verified" copy for EV certificates;r=tanvi

Bug 1191044 - Simplify "verified" copy for EV certificates;r=tanvi
Attachment #8648220 - Flags: review?(tanvi)
Attachment #8648220 - Flags: review?(tanvi) → review+
(Assignee)

Comment 13

3 years ago
(In reply to agrigas from comment #11)
> (In reply to April King from comment #10)
> > That text works for me, although I would note that it's more accurate to say
> > "owned by" than it is to say "run by", since most sites are not run by the
> > person who owns them.
> 
> Ok - any opposition?
>  You are securely connected to this site, owned by:
> >     [Mozilla Foundation / address...]
> >   Verified by: DigiCert Inc.

I had second thoughts about making the 'run by' -> 'owned by' change here.  Since we've come to a consensus about the 'verified by' text at this point I'd like to keep the blame history clear and push the new "You are securely connected to this site, run by" string here.

I'll file another bug about switching the 'run by' text so that can be discussed separately.
(Assignee)

Comment 14

3 years ago
Comment on attachment 8648220 [details]
MozReview Request: Bug 1191044 - Simplify "verified" copy for EV certificates;r=tanvi

Bug 1191044 - Simplify "verified" copy for EV certificates;r=tanvi
Attachment #8648220 - Flags: review+ → review?(tanvi)
(Assignee)

Comment 15

3 years ago
Comment on attachment 8648220 [details]
MozReview Request: Bug 1191044 - Simplify "verified" copy for EV certificates;r=tanvi

Copying over r+
Attachment #8648220 - Flags: review?(tanvi) → review+
(Assignee)

Comment 16

3 years ago
(In reply to Brian Grinstead [:bgrins] from comment #13)
> I had second thoughts about making the 'run by' -> 'owned by' change here. 
> Since we've come to a consensus about the 'verified by' text at this point
> I'd like to keep the blame history clear and push the new "You are securely
> connected to this site, run by" string here.
> 
> I'll file another bug about switching the 'run by' text so that can be
> discussed separately.

Filed Bug 1194874
https://hg.mozilla.org/mozilla-central/rev/0807a9416c45
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
status-firefox43: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 43
Flags: needinfo?(rlb)
Hi Brian, does this bug require QE verification?
Flags: needinfo?(bgrinstead)
(Assignee)

Updated

3 years ago
Flags: qe-verify?
Flags: qe-verify+
Flags: needinfo?(bgrinstead)

Updated

3 years ago
QA Contact: mwobensmith
Verified fixed FF 43.0a1 (2015-08-25) Win 7, Ubuntu 14.04, OS X 10.10.
Status: RESOLVED → VERIFIED
status-firefox43: fixed → verified