Closed Bug 267414 Opened 20 years ago Closed 19 years ago

provide more detailed unknown/untrusted secure certificate dialogues

Categories

(Camino Graveyard :: General, defect)

Product:
Camino Graveyard
Component:
General
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Camino1.0

People

(Reporter: alqahira, Assigned: sfraser_bugs)

References

(
URL
)

Details

(Keywords: fixed1.8)

Attachments

(2 files)

Camino, Firefox, Safari dialogues at (A) https://mail.yahoo.com
33.02 KB, image/png
Details
Camino, Firefox, Safari dialogues at (B) https://www.hilander.com/ssltest
42.39 KB, image/png
Details 
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8a5) Gecko/20041031 Camino/0.8+
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8a5) Gecko/20041031 Camino/0.8+

Camino provides rather uninformitive dialogues where security certificates are
"other than normal"--self-signed, not matching the site one is visiting,
etc.--in most cases not even telling the user what site the certificate claims
to be assigned to.

Reproducible: Always
Steps to Reproduce:
A. https://mail.yahoo.com
1. Log in to your Yahoo account and let it set a cookie.
2. Do not log out, but leave the Yahoo network for a while.
3. Later (after a while, Yahoo will require a login again) visit
https://mail.yahoo.com directly (Yahoo's logins default to non-secure versions).
4. Observe the warning dialogue

B. https://www.hilander.com/ssltest/ (mentioned in bug 170355)  
1. Visit the site directly
2. Observe warning dialogue
Actual Results:  
Dialogues don't provide much info about what the error might be, what the
certificate claims to be vs. what the site is that user visiting, etc.

See following attachments for these two sites as displayed in Camino, Firefox,
Safari.

Expected Results:  
More informative dialogues, ability to "inspect" the certificates, etc.  See
following attachments for these two sites as displayed in Camino, Firefox,
Safari.  The detail provided by Firefox would be wonderful, but even the level
provided by Safari would be a slight but useful improvement.

To me this lack of detail seems to significantly impair the user's security
(and/or the user's ability to determine security) when visiting secure sites
that may be spoofed, broken, misconfigured, etc.  

Thus I'm requesting "major" rather than "enhancement" or even "normal."
Camino doesn't have a good UI for Certificates. If it would it would use what FF
has. I think we even lack major features on Certificate level. This is something
we shoulod defenitly get fixed by 1.0.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: --- → Camino1.0
Even Firefox's interface isn't great. I just gives you a long list of possible
causes. This is poor UI, both because it makes for far more text in the dialogue
than is necessary, and because it doesn't help the user to work out what to do.
I'm probably not too concerned if the certificate is invalid because it expired
yesterday, I'm more concerned if the certificate is for a different domain.
Similarly if the signing authority isn't one built into Camino all I really want
are the details of the certificate and who signed it; I trust my employer's self
signed certificate for the extranet, but only if I can actually see the certificate.
Blocks: 272606
*** Bug 304779 has been marked as a duplicate of this bug. ***
Patch in bug 151656 fixes this.
Assignee: pinkerton → sfraser_bugs
Fixed by the checkin for bug 151656.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Keywords: fixed1.8
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: