Closed Bug 384205 Opened 18 years ago Closed 18 years ago

unhappy certificate dialog needs to be replaced

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 380605

People

(Reporter: timeless, Assigned: KaiE)

References

Details

Attachments

(3 files)

unhappy certificate
1.03 KB, application/x-x509-email-cert
Details
happier version of same certificate
1.03 KB, application/x-x509-ca-cert
Details
pictures (top left is unhappy), bottom is happier, right is result of view button
33.12 KB, image/png
Details
msie gives me a certificate viewer with an unhappy indicator. I'm able to see the certificate is expired. minefield gives me an error that says ~I have no idea why the certificate is bad, but it's bad, trust me~. <johnath> At very least, we should dump to an error page which says the same sort of thing, but tells you how to import the cert, if that's what you really want to do. Unless that error means that the cert is non-validatable (broken sig, e.g.) in which case it could at least be more clear
Attached file unhappy certificate
Attachment #268133 - Attachment mime type: application/x-x509-ca-cert → application/x-x509-email-cert
Comment on attachment 268138 [details] happier version of same certificate selecting this version of the certificate with firefox yields an import dialog that doesn't tell me the certificate has expired (details does, but why would i view details?!)
Timeless, please attach a screen shot of the lousy minefield error dialog.
That message is known as "NotImportingUnverifiedCert" and is output in two places: in nsNSSCertificateDB::ImportEmailCertificate and in nsNSSCertificateDB::ImportValidCACertsInList both in security/manager/ssl/src/nsNSSCertificateDB.cpp They were added a year ago, in response to bug 176507 and bug 310446. The dialog occurs for each cert in the import list cannot be verified. As with all security error UI decisions, there was the struggle between people who (like me) think an error message should tell you enough to know such things as (a) what cert had the problem, and (b) what the specific problem was, and people who think that errors should be dumbed down about as much as possible and avoid giving the user details. I would like very much to see this dialog tell the user some aspect of the subject name in the cert, and the string for the specific error code. But thre are others who would like to see this silently ignored, or just a dialog that says "Some of the certs were not imported. [OK]" I guess PKI security is only good UI if people don't have to think about it. :(
Blocks: 107491
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: