Closed Bug 415282 Opened 17 years ago Closed 17 years ago

Larry UI for Owner shows "No Information Provided," but Page Info says differently

Categories

(Firefox :: Page Info Window, defect)

Product:
Firefox
Component:
Page Info Window
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: marcia, Assigned: johnath)

References

(
URL
)

Details

Attachments

(2 files, 1 obsolete file)

Screenshot
34.40 KB, image/png
Details
Fix general tab handling
4.64 KB, patch
Gavin
: review+
johnath
: ui-review+
mtschrep
: approval1.9+
Details | Diff | Splinter Review
Attached image Screenshot
Seen using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b3pre) Gecko/2008020104 Minefield/3.0b3pre. STR: 1. Go to a bugzilla bug and click on the Larry UI 2. Notice under "which is run by" it says "No Information Provided" Expected: I would see Mozilla Corporation, since that is what Page Info shows.
It's because the cert for *.mozilla.org is missing a valid CN.
Assignee: nobody → kengert
Component: Location Bar and Autocomplete → Security: UI
OS: Mac OS X → All
Product: Firefox → Core
QA Contact: location.bar → ui
Hardware: PC → All
Is this not the intended result for domain validated certs where the owner may not have been verified by the issuer? Though it is of course not optimal that Larry and Page Info disagree on this.
I could have sworn there was a bug about making the Larry and Page Info CN handling consistent, but I can't find it. Perhaps I'm just remembering a conversation with Johnathan.
This dialog is actually browser/ code, moving -> Firefox
Assignee: kengert → johnath
Component: Security: UI → Page Info
Product: Core → Firefox
QA Contact: ui → page.info
Attached patch Check EV status in page info (obsolete) — Splinter Review
This changes the logic for the page info text to more closely reflect the approach in primary chrome. That is, trust the Org field on EV certs, but not on DV.
Attachment #301755 - Flags: ui-review?(beltzner)
Attachment #301755 - Flags: review?(gavin.sharp)
Attachment #301755 - Flags: review?(gavin.sharp) → review+
Suggestion: have Larry say "not verified" instead of "no information provided" if the info is present but it's not an EV cert. Otherwise he's lying to you.
Does this patch fix the problem both on the Security tab and the General tab? (See bug 417215). Gerv
Summary: Larry UI shows "No Information Provided," but correct info shows in Page Info → Larry UI for Owner shows "No Information Provided," but Page Info says differently
(In reply to comment #9) > Does this patch fix the problem both on the Security tab and the General tab? > (See bug 417215). Yes.
(In reply to comment #10) > (In reply to comment #9) > > Does this patch fix the problem both on the Security tab and the General tab? > > (See bug 417215). > > Yes. Well. Sort of. :) I did make sure to check that that string picked up changes, but actually looking at it on a DV-SSL site made for a pretty ugly: "This web site is owned by This web site does not supply identity information." Updated patch does the right thing here, and just uses: "This web site does not supply identity information." on pages where no verified identity information is supplied. This version also has ui-r beltzner, so I'm setting the flag. I'll get gavin to take another quick review. (In reply to comment #7) > Suggestion: have Larry say "not verified" instead of "no information provided" > if the info is present but it's not an EV cert. Otherwise he's lying to you. I agree that the current text is technically incorrect, but I would propose that you file a separate bug for that. It's a string change, which means late-l10n, where the rest of this bug doesn't require that. And it's a subtle semantic point, so I can imagine several rounds of wordsmithing (e.g. do we really want to say "not verified" right above the line where we tell them who verified it?). Fundamentally, I'm okay with the incorrectness here. This is an identity UI, not a certificate viewer. If a technology like TLS-SRP comes along that doesn't use certificates, but nevertheless allows for session integrity and identification, I'd imagine that would be at home here too. We don't have *identity* information here that we can supply to our users, we just have some fields in a certificate from a CA who, in many cases, has told us up front they don't verify those fields. Technically information has been provided, that's why I think filing a follow-up makes sense - we might find language that makes us happy as purists while still keeping things simple for users, but whether or not we do so is basically orthogonal to fixing the Larry/Page Info inconsistency.
Attachment #301755 - Attachment is obsolete: true
Attachment #303086 - Flags: ui-review+
Attachment #303086 - Flags: review?(gavin.sharp)
Attachment #301755 - Flags: ui-review?(beltzner)
Attachment #303086 - Flags: review?(gavin.sharp) → review+
Comment on attachment 303086 [details] [diff] [review] Fix general tab handling I thought beltzner already approved this, but apparently I am crazy?
Attachment #303086 - Flags: approval1.9?
Attachment #303086 - Flags: approval1.9? → approval1.9+
Checking in browser/base/content/pageinfo/security.js; /cvsroot/mozilla/browser/base/content/pageinfo/security.js,v <-- security.js new revision: 1.16; previous revision: 1.15 done
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: