Closed Bug 384205 Opened 17 years ago Closed 17 years ago

unhappy certificate dialog needs to be replaced

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 380605

People

(Reporter: timeless, Assigned: KaiE)

References

Details

Attachments

(3 files)

unhappy certificate
1.03 KB, application/x-x509-email-cert
Details
happier version of same certificate
1.03 KB, application/x-x509-ca-cert
Details
pictures (top left is unhappy), bottom is happier, right is result of view button
33.12 KB, image/png
Details 
msie gives me a certificate viewer with an unhappy indicator. I'm able to see the certificate is expired.

minefield gives me an error that says ~I have no idea why the certificate is bad, but it's bad, trust me~.

<johnath> At very least, we should dump to an error page
which says the same sort of thing, but tells you how to import the cert, if
that's what you really want to do.  Unless that error means that the cert is
non-validatable (broken sig, e.g.) in which case it could at least be more
clear
Attached file unhappy certificate 

    
  

        Attachment #268133 -
        Attachment mime type: application/x-x509-ca-cert → application/x-x509-email-cert

    
    

    
  


  

    
    

    
  
Comment on attachment 268138 [details]
happier version of same certificate

selecting this version of the certificate with firefox yields an import dialog that doesn't tell me the certificate has expired (details does, but why would i view details?!)

    
    

    
  
Timeless, please attach a screen shot of the lousy minefield error dialog.

    
    

    
  
That message is known as "NotImportingUnverifiedCert" and is output in two 
places:

in nsNSSCertificateDB::ImportEmailCertificate and
in nsNSSCertificateDB::ImportValidCACertsInList
both in security/manager/ssl/src/nsNSSCertificateDB.cpp

They were added a year ago, in response to bug 176507 and bug 310446.

The dialog occurs for each cert in the import list cannot be verified.

As with all security error UI decisions, there was the struggle between 
people who (like me) think an error message should tell you enough to know 
such things as (a) what cert had the problem, and (b) what the specific 
problem was, and people who think that errors should be dumbed down about 
as much as possible and avoid giving the user details.  

I would like very much to see this dialog tell the user some aspect of 
the subject name in the cert, and the string for the specific error code.
But thre are others who would like to see this silently ignored, or just
a dialog that says "Some of the certs were not imported. [OK]"  I guess
PKI security is only good UI if people don't have to think about it. :(
Blocks: 107491
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE

    
  
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: