In Options->Advanced->Encryption->Certificates, the pref "When a website requires a certificate" is incomprehensible. I didn't understand it until I learned from bug 395399 that it's about *personal* certificates: It's *you* who's identifying himself to the web site, instead of the usual username/password method. The certificate is about *your* identity, not that of the web site. I'm updating the help text in bug 384997, but this needs to be fixed in the UI as well. Explanation from the suggested help text: Some web sites require you to identify yourself with a personal certificate. In order to do so, they generate one for you and ask Firefox to store it. When you visit the site in the future, Firefox selects the certificate without asking you by default. If you wish to manually choose a certificate (for example, if you have multiple certificates stored for multiple web sites), select the Ask me every time pref and you'll be in complete control of what certificates are being sent to web sites while browsing. The SeaMonkey text is more verbose: "Decide how SeaMonkey selects a security certificate to present to web sites that require one". It's speaking of presenting a certificate, but still missing that it's a personal certificate, identifying yourself to the web site. I'd suggest to add the word "personal" to the label like this: -When a web site requires a certificate: +When a web site requires a personal certificate:
Summary: "When a website requires a certificate" in Advanced-Encryption options is incomprehinsible → "When a website requires a certificate" in Advanced-Encryption options is incomprehensible
I don't think this blocks, but it's definitely wanted and seems like a label-only fix.
Flags: blocking-firefox3? → blocking-firefox3-
(In reply to comment #0) > -When a web site requires a certificate: > +When a web site requires a personal certificate: This is for the label that prefixes the "ask always" or "select automatically" choice. What about using "your" in the label? "When a web site requires your personal certificate"
(In reply to comment #2) > What about using "your" in the label? > > "When a web site requires your personal certificate" That seems much clearer to me. I don't know if it meets the criteria for requiring a string ID rev or not?
Maybe we shouldn't say "requires", but say "requests". There are websites that have "client auth" set to optional. That is, when you attempt to visit the site, the ssl handshake will request that you hand over a client cert. If you don't have a cert, or if you refuse to use it, the web site has a choice to: (a) refuse the connection (b) show the web page anyway When doing (b), the web page would probably show content only appropriate for anonymous users. Furthermore, this is not restricted to "web sites". It applies to any "server" that you do SSL with. So, my next proposal is: "When a server requests your personal certificate"
(In reply to comment #3) > I don't know if it meets the criteria for > requiring a string ID rev or not? I think it's a good idea to do a string ID change.
Assignee: nobody → ehsan.akhgari
Target Milestone: --- → Firefox 3 M11
Created attachment 295287 [details] [diff] [review] Patch (v1) This patch changes the string's ID as well, as suggested in comment 5. I've CC'ed email@example.com, and I guess the change in the string ID would alert the localizers to sync soon.
Comment on attachment 295287 [details] [diff] [review] Patch (v1) This needs some acceleration because the l10n freeze is near.
Attachment #295287 - Flags: review?(mano) → review+
Waiting for Beltzner's ui-r.
Whiteboard: [has patch] [needs ui-review beltzner]
Whiteboard: [has patch] [needs ui-review beltzner] → [has patch] [has review+] [needs ui-review beltzner]
Comment on attachment 295287 [details] [diff] [review] Patch (v1) >-<!ENTITY certselect.description "When a web site requires a certificate:"> >+<!ENTITY certSelection.description "When a server requests your personal certificate:"> > <!ENTITY certs.auto "Select one automatically"> > <!ENTITY certs.auto.accesskey "l"> > <!ENTITY certs.ask "Ask me every time"> > <!ENTITY certs.ask.accesskey "i"> I do think that personalizing it is better, but this change creates the prompt: When a server requests your personal certificate: ( ) Select one automatically ( ) Ask me every time It's a little bit odd to read it changing from 2nd person "your" to 1st person "me" in mid-sentence. Most of our other preferences use first person when they involve the user making an expression of preference ("Remember what I've downloaded", "Ask me before clearing private data"). The comparatively rarer use of 2nd person seems is reserved for cases where we are describing what kind of dialog a widget will launch ("Choose your preferred language for displaying pages [ Choose... ]"). I suggest changing the string to "When a server requests my personal certificate:" You can have my ui-r for it with that change, but of course beltzner is welcome and invited to overrule. :)
Created attachment 298960 [details] [diff] [review] Patch (v1.1) Addressed comment 9, waiting for beltzner's ui-r :-)
Comment on attachment 298960 [details] [diff] [review] Patch (v1.1) uir+a=beltzner
Whiteboard: [has patch] [has review+] [needs ui-review beltzner]
Checking in browser/components/preferences/advanced.xul; /cvsroot/mozilla/browser/components/preferences/advanced.xul,v <-- advanced.xul new revision: 1.46; previous revision: 1.45 done Checking in browser/locales/en-US/chrome/browser/preferences/advanced.dtd; /cvsroot/mozilla/browser/locales/en-US/chrome/browser/preferences/advanced.dtd,v <-- advanced.dtd new revision: 1.30; previous revision: 1.29 done
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Keywords: checkin-needed, uiwanted
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.