418694 - Have Larry say "(unknown)" instead of "no information provided"

Status: VERIFIED FIXED

(Firefox :: Page Info Window, defect)

Description

[Darren Kalck [:D-Kalck]]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9b4pre) Gecko/2008022005 Minefield/3.0b4pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9b4pre) Gecko/2008022005 Minefield/3.0b4pre

From https://bugzilla.mozilla.org/show_bug.cgi?id=415282#c7 And
https://bugzilla.mozilla.org/show_bug.cgi?id=415282#c11

> have Larry say "not verified" instead of "no information provided"
> if the info is present but it's not an EV cert.  Otherwise he's lying to you.


Reproducible: Always

Comment 1

[Jesse Ruderman]

Not lying sounds like a good idea.

Comment 2

[Johnathan Nightingale [:johnath]]

Repasting my comments from bug 415282 here just to continue the discussion:
---
I agree that the current text is technically incorrect, but I would propose
that you file a separate bug for that.  It's a string change, which means
late-l10n, where the rest of this bug doesn't require that.  And it's a subtle
semantic point, so I can imagine several rounds of wordsmithing (e.g. do we
really want to say "not verified" right above the line where we tell them who
verified it?).

Fundamentally, I'm okay with the incorrectness here.  This is an identity UI,
not a certificate viewer.  If a technology like TLS-SRP comes along that
doesn't use certificates, but nevertheless allows for session integrity and
identification, I'd imagine that would be at home here too.  We don't have
*identity* information here that we can supply to our users, we just have some
fields in a certificate from a CA who, in many cases, has told us up front they
don't verify those fields.  Technically information has been provided, that's
why I think filing a follow-up makes sense - we might find language that makes
us happy as purists while still keeping things simple for users, but whether or
not we do so is basically orthogonal to fixing the Larry/Page Info
inconsistency.
---

I think the current UI is a long way from lying, but I'm fine to wordsmith if we can find a better way of communicating the same thing.

Comment 3

[Mike Beltzner [:beltzner, not reading bugmail]]

This will not block the final release of Firefox 3.

Comment 4

[Mike Beltzner [:beltzner, not reading bugmail]]

Little bit of a morph, but ...

Johnath and I just talked about fixing this as well as the text shown when no SSL information is available.

for no-SSL, the text should read:

  This web site does not supply any identity information.

  Your connection to this web site is not encrypted.

notes:
 - consistent use of "web site"
 - properly states that the website doesn't supply any information
 - focus on identity, not whether or not the site is "verified"

for SSL, the text should read:

   You are connected to 
   domain.tld

   which is run by
   (unknown)

   Verified by Whomever

   Your connection to this web site is encrypted to prevent eavesdropping.

notes:
 - unknown properly refers to the fact that while owner information is provided, we can't know if it's actually correct because it's not verified

for EV-SSL, the text should be as it is now:

   You are connected to
   domain.tld

   which is run by
   Company
   Address

   Verified by Whomever

   Your connection to this web site is encrypted to prevent eavesdropping.

Comment 5

[Johnathan Nightingale [:johnath]]

Attachment: 2 string changes

Patch includes the two string changes.

Comment 6

[Mike Beltzner [:beltzner, not reading bugmail]]

Comment on attachment 307810 [details] [diff] [review]
2 string changes

r+a=beltzner

Comment 7

[Johnathan Nightingale [:johnath]]

Checking in browser/base/content/browser.js;
/cvsroot/mozilla/browser/base/content/browser.js,v  <--  browser.js
new revision: 1.992; previous revision: 1.991
done
Checking in browser/base/content/browser.xul;
/cvsroot/mozilla/browser/base/content/browser.xul,v  <--  browser.xul
new revision: 1.443; previous revision: 1.442
done
Checking in browser/locales/en-US/chrome/browser/browser.dtd;
/cvsroot/mozilla/browser/locales/en-US/chrome/browser/browser.dtd,v  <--  browser.dtd
new revision: 1.100; previous revision: 1.99
done
Checking in browser/locales/en-US/chrome/browser/browser.properties;
/cvsroot/mozilla/browser/locales/en-US/chrome/browser/browser.properties,v  <--  browser.properties
new revision: 1.67; previous revision: 1.66
done

Comment 8

[Samuel Sidler (old account; do not CC)]

I don't suppose there's a bug to fixed the Security tab of the Page Info window as well? It currently says "Owner: This web site does not supply identify information." Seems like that should say "Owner: (unknown)"

Comment 9

[Samuel Sidler (old account; do not CC)]

Changed verified using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b5pre) Gecko/2008030804 Minefield/3.0b5pre

Comment 10

[Johnathan Nightingale [:johnath]]

(In reply to comment #8)
> I don't suppose there's a bug to fixed the Security tab of the Page Info window
> as well? It currently says "Owner: This web site does not supply identify
> information." Seems like that should say "Owner: (unknown)"

There isn't, but feel free to file.  I don't think it's a blocker or anything - the strings are not typically shown together, and we're dealing with secondary chrome - but we can certainly look at synching up the wording.

Comment 11

[Eddy Nigg (StartCom)]

This bug broke the indicator even more. It's worse now then before, it wasn't correct before either. See bug 429021