Open Bug 424182 Opened 17 years ago Updated 2 years ago

Meaning of the "Identity" of SSL sites is not clear.

Categories: Firefox :: Page Info Window, defect (x86, Windows XP)
Tracking: Future
People: Reporter: bugzilla, Unassigned
Go to some SSL (not EV SSL) site, e.g. https://bugzilla.mozilla.org/

View Page Info --> Security Tab --> Web Site Identity section

You'll see:

  Web site: bugzilla.mozilla.org
  Owner: This web site does not supply identity information.
  Verified by: Equifax

  This web site provides a certificate to verify its identity.

This page info says both

  [A] does not supply identity information. -- no identity
  [B] provides a certificate to verify its identity. -- have identity

at the same time.

[A] is shown only when the site uses normal SSL (not EV SSL) certificates, and it means we can verify the domain of the site but cannot verify the organization (owner) information. The word "identity" means organization identity here.

[B] is shown when the site uses any SSL certificates, and it means the site is providing the certificates and we can verify the domain. The word "identity" means domain identity here.

I feel this is confusing and we should make the meaning of "identity" clearer.
These strings have changed since Beta 4 (see bug 418694). Are you happy with the way they are worded in a nightly?
Jesse, the changed wording seems to be Larry only; the "More Information" one shows the strings dynamis quoted to me, Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9b5pre) Gecko/2008031904 Minefield/3.0b5pre.

The relevant source in l10n is http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/browser/locales/en-US/chrome/browser/pageInfo.properties&mark=80#80
Johnathan, what'd be your take on this?
Flags: blocking-firefox3?
(In reply to comment #3)
> Johnathan, what'd be your take on this?

I agree that better wording would be nice here, but I don't think we should block on it. I think this is wanted-firefox-next, personally (at which point, I will be eager to come up with something better. :)
Flags: wanted-firefox3+
Flags: blocking-firefox3?
Flags: blocking-firefox3-
Removing late-l10n, we're not gonna hit Firefox 3 with this ...
Keywords: late-l10n
Target Milestone: --- → Future
This is also true of the "quick" box which appears when you click the identity button to the left of the titlebar. In this case, for a non-EV SSL site it says: "... run by: (unknown) Verified by [CA]" Quite how a CA can "verify" that a site is run by "unknown" is beyond me, so this is really bad user confusion. See also bug #439936.
This should perhaps rather say: "... run by: domain.com Verified by [CA]", which is, according to the Mozilla CA policy, a property we know and is meaningful. It would also be consistent with browser.identity.ssl_domain_display set to 1 (once turned on by default).

Johnathan, perhaps if browser.identity.ssl_domain_display is set to 1 or 2, the property of currently "unknown" could be changed to that of the same value in the address bar, else leave it "unknown". Then a decision could be taken as to what to set the default.
1. Because this gives untrue security information to end users in the default configuration for the default situation (ordinary non-EV site), this should be scheduled for fixing in an upcoming patch release of Firefox 3.0.x.x, not needlessly delayed until Firefox 4.x. However, because this is "failing closed", it is not as urgent as a security hole.

2. The messages displayed in both the tooltip, the site info popup and in Larry severely misinform users that information is "not provided" or "unknown" when in fact it is provided and verified, just not to the highest of standards.

3. I propose that the wording is changed as follows:

In the text that follows:

  <something> is a placeholder for data.
  <Name from certificate> is the most important part of the Subject name field other than the web address. (According to priority list: CN, O, OU, ...), e.g. "Mozilla Corporation"
  <Full identity from certificate> means all the Subject name fields other than the one that is the web address, e.g. for the current bugzilla.mozilla.org certificate: Secure Web Server Mozilla Corporation Mountain View California US

For plain http sites:

Current messages:
  Address bar: ""
  Tooltip: "This web site does not supply identity information"
  Popup: "This web site does not provide identity information, Your connection to this site is not encrypted"
  Larry: "Owner: This site does not supply identity information, verified by: Not specified"

Correct messages:
  Address bar: "" (same as current)
  Tooltip: "Not digitally signed"
  Popup: "This web site is not digitally signed, Your connection to this site is not encrypted"
  Larry: "Signature: This web site is not digitally signed, Verified by: Not verified"

For https: sites with a trusted non-EV certificate and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Current messages:
  Address bar: ""
  Tooltip: "Verified by: <CA name>"
  Popup: "Which is run by: (unknown), verified by <CA name>, Your connection to this site is ????"
  Larry: "Owner: this site does not provide identity information, verified by: <CA name>"

Correct messages:
  Address bar: "" (same as current)
  Tooltip: "<Name from certificate>, Verified by: <CA name> (limited checking)"
  Popup: "Which is run by: <Full identity from certificate>, Verified by: <CA name> (limited checking), Your connection to this site is signed to prove it came from the site owner, but is not protected against eavesdropping"
  Larry: "Signature: <Full identity from certificate>, Verified by: <CA name> (limited checking)"

For https: sites with a trusted non-EV certificate and a real encryption level.

Current messages:
  Address bar: ""
  Tooltip: "<Name from certificate>, Verified by: <CA name>"
  Popup: "Which is run by: (unknown), verified by: <CA name>, Your connection to this site is encrypted to prevent eavesdropping"
  Larry: "Owner: This web site does not supply identity information., verified by: <CA name>"

Correct messages:
  Address bar: "" (same as current)
  Tooltip: "Verified by: <CA name> (limited checking)"
  Popup: "Which is run by: <Full identity from certificate>, partially verified by <CA name> (limited checking), Your connection to this site is encrypted to prevent eavesdropping"
  Larry: "Signature: <Full identity from certificate>, ENCRYPTED, Partially verified by: <CA name> (limited checking)"

For https: sites with a trusted EV certificate and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Current messages:
  Address bar: "<EV name from certificate>"
  Tooltip: "Verified by: <CA name>"
  Popup: "Which is run by: <Full EV identity from certificate>, verified by: <CA name>, Your connection to this site is ????"
  Larry: "Owner: <EV name from certificate>, verified by: <CA name>"

Correct messages:
  Address bar: "<EV name from certificate>" (same as current)
  Tooltip: "Verified by: <CA name>" (same as current)
  Popup: "Which is run by: <Full EV identity from certificate>, verified by: <CA name>, Your connection to this site is signed to prove it came from the site owner, but is not protected against eavesdropping"
  Larry: "Signature: <Full EV identity from certificate>, verified by: <CA name>"

For https: sites with a trusted EV certificate and a real encryption level

Current messages:
  Address bar: "<EV name from certificate>"
  Tooltip: "Verified by: <CA name>"
  Popup: "Which is run by: <Full EV identity from certificate>, verified by <CA name>, Your connection to this site is encrypted to prevent eavesdropping"
  Larry: "Owner: <EV name from certificate>, verified by: <CA name>"

Correct messages:
  Address bar: "<EV name from certificate>" (same as current)
  Tooltip: "Verified by: <CA name>" (same as current)
  Popup: "Which is run by: <Full EV identity from certificate>, verified by: <CA name>, Your connection to this site is encrypted to prevent eavesdropping" (same as current)
  Larry: "Signature: <Full EV identity from certificate>, verified by: <CA name>"
Personally I would make some minor amendments to the wording (like removing "signing" and talking about "verified identity" or something instead, because signing probably doesn't mean anything to a lot of users) but otherwise your suggestions are excellent Jakob. They seem to be the "common sense" approach which promote the advantages of EV without making false statements about non-EV sites (as FF does now, along with making it actually *harder* for users to work out who runs a non-EV site).
(In reply to comment #9)
> Personally I would make some minor amendments to the wording (like removing
> "signing" and talking about "verified identity" or something instead, because
> signing probably doesn't mean anything to a lot of users) but otherwise your
> suggestions are excellent Jakob. They seem to be the "common sense" approach
> which promote the advantages of EV without making false statements about non-EV
> sites (as FF does now, along with making it actually *harder* for users to work
> out who runs a non-EV site).

Good call, here are some updated texts based on your comments. I also added texts for "untrusted" CAs, such as self-signed sites and intranet sites with site-local CAs not imported into the installed Fx.

For plain http sites:

Current messages:
  Address bar: ""
  Tooltip: "This web site does not supply identity information"
  Popup: "This web site does not provide identity information, Your connection to this site is not encrypted"
  Larry: "Owner: This site does not supply identity information, verified by: Not specified"

Correct messages:
  Address bar: "" (same as current)
  Tooltip: "The identity of this web site is not independently verified"
  Popup: "The identity of this web site is not independently verified, Your connection to this site is not protected against wiretapping"
  Larry: "Owner: The identity of this web site is not verified by a digital certificate, Verified by: No one"

For https: sites with an untrusted, but otherwise valid certificate (root not trusted, everything else is ok) and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Correct messages:
  Address bar: "" (same as current)
  Tooltip: "<Name from certificate>, Verified by: <CA name> (NOT TRUSTED)"
  Popup: "Which is run by: <Full identity from certificate>, Verified by: <CA name> (NOT TRUSTED), Your connection to this site is stamped to "prove" it came from the site owner, but is not protected against wiretapping"
  Larry: "Owner: <Full identity from certificate>, Verified by: <CA name> (NOT TRUSTED)"

For https: sites with an untrusted, but otherwise valid certificate and a real encryption level.

Correct messages:
  Address bar: "" (same as current)
  Tooltip: "Verified by: <CA name> (NOT TRUSTED)"
  Popup: "Which is run by: <Full identity from certificate>, verified by <CA name> (NOT TRUSTED), Your connection to this site is encrypted to prevent wiretapping"
  Larry: "Owner: <Full identity from certificate>, ENCRYPTED, Verified by: <CA name> (NOT TRUSTED)"

For https: sites with a trusted non-EV certificate and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Current messages:
  Address bar: ""
  Tooltip: "Verified by: <CA name>"
  Popup: "Which is run by: (unknown), verified by <CA name>, Your connection to this site is ????"
  Larry: "Owner: this site does not provide identity information, verified by: <CA name>"

Correct messages:
  Address bar: "" (same as current)
  Tooltip: "<Name from certificate>, Verified by: <CA name> (limited checking)"
  Popup: "Which is run by: <Full identity from certificate>, Verified by: <CA name> (limited checking), Your connection to this site is stamped to prove it came from the site owner, but is not protected against wiretapping"
  Larry: "Owner: <Full identity from certificate>, Verified by: <CA name> (limited checking)"

For https: sites with a trusted non-EV certificate and a real encryption level.

Current messages:
  Address bar: ""
  Tooltip: "<Name from certificate>, Verified by: <CA name>"
  Popup: "Which is run by: (unknown), verified by: <CA name>, Your connection to this site is encrypted to prevent eavesdropping"
  Larry: "Owner: This web site does not supply identity information., verified by: <CA name>"

Correct messages:
  Address bar: "" (same as current)
  Tooltip: "Verified by: <CA name> (limited checking)"
  Popup: "Which is run by: <Full identity from certificate>, verified by <CA name> (limited checking), Your connection to this site is encrypted to prevent wiretapping"
  Larry: "Owner: <Full identity from certificate>, ENCRYPTED, Verified by: <CA name> (limited checking)"

For https: sites with a trusted EV certificate and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Current messages:
  Address bar: "<EV name from certificate>"
  Tooltip: "Verified by: <CA name>"
  Popup: "Which is run by: <Full EV identity from certificate>, verified by: <CA name>, Your connection to this site is ????"
  Larry: "Owner: <EV name from certificate>, verified by: <CA name>"

Correct messages:
  Address bar: "<EV name from certificate>" (same as current)
  Tooltip: "Verified by: <CA name>" (same as current)
  Popup: "Which is run by: <Full EV identity from certificate>, verified by: <CA name>, Your connection to this site is stamped to prove it came from the site owner, but is not protected against wiretapping"
  Larry: "Owner: <Full EV identity from certificate>, verified by: <CA name> (thorough checking)"

For https: sites with a trusted EV certificate and a real encryption level

Current messages:
  Address bar: "<EV name from certificate>"
  Tooltip: "Verified by: <CA name>"
  Popup: "Which is run by: <Full EV identity from certificate>, verified by <CA name>, Your connection to this site is encrypted to prevent eavesdropping"
  Larry: "Owner: <EV name from certificate>, verified by: <CA name>"

Correct messages:
  Address bar: "<EV name from certificate>" (same as current)
  Tooltip: "Verified by: <CA name>" (same as current)
  Popup: "Which is run by: <Full EV identity from certificate>, verified by: <CA name>, Your connection to this site is encrypted to prevent wiretapping"
  Larry: "Owner: <Full EV identity from certificate>, verified by: <CA name> (thorough checking)"
I wrote this on the wrong thread so I guess I better put it here; mods can remove it from the other thread.

I'm not happy about the SSL wording. What concerns me is I have a website that utilizes a cheaper SSL certificate and when you click the bar in SSL mode it says run by unknown. Now when I signed up to my SSL certificate it gets linked to my domain. I'm not too pleased that in order to get the most out of Mozilla you need an extended validation SSL certificate; I'm sure run by unknown is the same as "possible scam artist" to some minds who might visit my site.

On the other hand, Internet Explorer says Geotrust has identified this site, view the certificate; it gives confidence to the customer. Surely Mozilla can word things better so that those of us with cheaper SSL certificates can actually benefit and not put potential customers off. If your rival Internet Explorer can get this right then why can't you?

Of course you click the link in Mozilla and it also says This web site does not supply ownership information. That's another off-putting thing to potential customers. You don't seem to want to do anything positive to fix this and we can't all afford expensive EV certificates. Why can't you just do what Internet Explorer does? Is it that the extended certificate companies are sponsoring Mozilla, or is that paranoid talk? OK, it's probably paranoid talk, but you do some of your users an injustice by not fixing this issue. The wording should be more like Internet Explorer so that any customers are not scared off of a genuine site using cheaper SSL certificates.
I also feel that the "which is run by (unknown)" wording, for non-EV SSL site cases, is confusing. It negatively influences users to think that the site they are visiting *might* be a scam, even if it isn't.

Suggestion: in non-EV SSL sites (e.g. https://bugzilla.mozilla.org !!) it would be better to simply show:

  You are connected to mozilla.org
  Verified by GeoTrust Inc.
  "Your connection to this site is encrypted to prevent eavesdropping"

instead of the current:

  You are connected to mozilla.org
  which is run by (unknown)
  Verified by GeoTrust Inc.
  "Your connection to this site is encrypted to prevent eavesdropping"

In other words: remove the "which is run by (unknown)" part for non-EV SSL sites.
First of all it is embarrassing for Mozilla to not have done anything about this for more than 4 years and 16 product versions, despite *multiple* bug reports here, and promises on some of those bug reports that specific named developers would get round to it shortly after Firefox 3.

In the passing years, I have slightly reconsidered my proposed messages, so below are the updated texts.

Key changes include:

- Updated to match the Fx 18 UI
- More emphatically warn about weaker certificate types, but without lying. This includes prefixes to the word "verified" indicating the level of checking stated by the CA.
- Added a category for class 1 (domain validated) certificates. Detecting these is somewhat heuristic, but is based exclusively on authenticated certificate attributes so organizational and other manually imported CAs get the same detection. Key things to recognize:
  - Any cert in the chain has "class 1" in an appropriate field,
  - End cert subject organization field is missing,
  - End cert subject organization field is exactly a CN or SAN or a DNS syntactical parent of a CN or SAN,
  - End cert subject organization field is one of the "magic strings" used by Moz trusted CAs for this,
  - any other indication found by a survey of actual DV certs made by Moz-trusted CAs and not detected by that already stated.
- Strong indication of sites allowed by exception only, to emphasize that there is something truly wrong here even though the user has made a special exception. Because these are the same symptoms as when a connection has been compromised in the way they are supposed to prevent.
- Unencrypted or weak encryption is called out with a special warning and icon.
- Sites allowed by exception only are called out with another warning and an even more ominous icon.
- Cross site data leakage is called out as nullifying the site owner identity, as the user is suddenly communicating with other people too. If this offends anyone, tell them to get a clue. As a special exception, you may allow the historic "site seals" used by specific old CAs, using a table of which https URLs are site seals for each of those CAs, with a warning to each of those CAs that the exception will go away on a specific future date and they should change their customers to change to a site hosted, CA generated icon that links to a certificate specific CA page, e.g.
  <a href="https://seal.geriati-ca.com/check/123ABCDEF" title="click to verify"><img src="/sitepath/geriaticaseal123ABCDEF.gif" alt="click to verify" /></a>
  where the site owner downloads the gif from the CA and is free to pick the value of "/sitepath/".

General structure of the proposed messages:

- Anything with a certificate is described as "<Xyz-Verified> by: <CA name> (<checking phrase>)" where "<Xyz-Verified>" and "<checking phrase>" both indicate the certificate verification level as either "Not at all", "By exception only", "Class 1", "Regular" or "EV".
- The entity verified is called out using different words according to the certificate verification level too: "Somewhere/Nothing", "Usual place", "Mess", "Site", "Site owner", "Real site owner"
- Owner information can be "not independently verified" (no certificate), "not checked" (class I certificate) or an actual identity (regular and EV certificates). It can also be an error message.
- There are 3 new icons (besides padlock and globe): "Stamp" for signed but not encrypted, "!!" for problems that can be reasonably explained away by the user, "warning triangle" for problems that can only be fixed by the website owner and which the user is ignoring at his own peril.
- There are also 3 somewhat new address bar color options: Red for serious issues, purple for certificate only trusted by user exception, but otherwise fine, yellow for valid non-EV certificate. Notice that there are 6 icon+color combinations, but only 5 icons and 5 colors. The purple versus red distinction tells the user if additional problems exist beyond a previously acknowledged trust issue.

Notation supplement:

  "//" means a newline and a new field.
  "*text*" means "text" shown in bold.
  <Certificate problem string> is an error such as "Certificate expired", "Certificate in future, is your clock set?", "Certificate stolen" (compromised according to CRL or OCSP), "Certificate revoked", "Wrong site" etc. or "Multiple problems" if more than one apply.
  <All certificate problem strings> means the same as <Certificate problem string> unless that would be "Multiple problems".

For plain HTTP sites:

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Globe (same as current)
  Address bar color: White (same as current)
  Tooltip: "Insecure connection, risk of wiretaps and fakes"
  Popup: "Your connection to this site is not protected against wiretapping or tampering // the owner of the real web site has not been independently verified"
  Larry: "*Owner:* The identity of this web site is not verified by a digital certificate // *Not Verified!*"

For https: sites with an expired, wrong or otherwise invalid certificate (other than just an untrusted root) and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Warning triangle
  Address bar color: Red
  Tooltip: "<Certificate problem string>"
  Popup: "*<Certificate problem string>* // Refused by: <CA name> // *This connection is only allowed because you made an exception* // Your connection to this site is stamped to "prove" nothing, but is not protected against wiretapping"
  Larry: "*Certificate problems:* <All certificate problem strings> // *Owner:* <Full identity from certificate> // *Refused by:* <CA name> // *Exception:* Your exception to allow this connection is permanent/temporary (click to change or revoke) // ... // *Technical details:* // *Connection signed: No encryption (<algorithm>)* // Your connection to this site is stamped to "prove" it came from the same place you made an exception for, but is not protected against wiretapping"

For https: sites with an expired, wrong or otherwise invalid certificate and a real encryption level.

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Warning triangle
  Address bar color: Red
  Tooltip: "<Certificate problem string>"
  Popup: "*<Certificate problem string>* // Refused by: <CA name> // *This connection is only allowed because you made an exception* // Your connection to somewhere is encrypted to prevent wiretapping"
  Larry: "*Certificate problems:* <All certificate problem strings> // *Owner:* <Full identity from certificate> // *Refused by:* <CA name> // *Exception:* Your exception to allow this connection is permanent/temporary (click to change or revoke) // ... // *Technical details*: <usual text>"

For https: sites with non-ssl elements:

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Double exclamation point
  Address bar color: Red
  Tooltip: "Unsecure elements on page"
  Popup: "Which is run by: <Same text as for the all-https case> // <Same verified by text as for the all-https case> // *This page contains elements not secured by https, security is not ensured*"
  Larry: "*Owner:* <Same text as for the all-https case> // <Same verified by text as for the all-https case> // *Exception:* Your exception to allow this connection is permanent/temporary (click to change or revoke) // *This page contains elements not secured by https, security is not ensured* // ... // *Technical details:* // <Same text as for the all-https case>"

For https: sites with an untrusted, but otherwise valid certificate (root not trusted, everything else is ok) and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Double exclamation point
  Address bar color: Purple
  Tooltip: "Wiretapping possible"
  Popup: "Which is run by: <Full identity from certificate> // FAKE Verified by: <CA name> (NOT TRUSTED) // *This connection is only allowed because you made an exception* // Your connection to this site is stamped to "prove" it came from the usual place, but is not protected against wiretapping"
  Larry: "*Owner:* <Full identity from certificate> // *FAKE Verified by:* <CA name> (NOT TRUSTED) // *Exception:* Your exception to allow this connection is permanent/temporary (click to change or revoke) // ... // *Technical details:* // *Connection signed: No encryption (<algorithm>)* // Your connection to this site is stamped to "prove" it came from the same place you made an exception for, but is not protected against wiretapping"

For https: sites with an untrusted, but otherwise valid certificate and a real encryption level.

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Double exclamation point
  Address bar color: Purple
  Tooltip: "This connection is only allowed because you made an exception"
  Popup: "Which is run by: <Full identity from certificate> // FAKE Verified by: <CA name> (NOT TRUSTED) // *This connection is only allowed because you made an exception* // Your connection to this site is encrypted to prevent wiretapping"
  Larry: "*Owner:* <Full identity from certificate> // *FAKE Verified by:* <CA name> (NOT TRUSTED) // *Exception:* Your exception to allow this connection is permanent/temporary (click to change or revoke) // ... // *Technical details*: <usual text>"

For https: sites with parts from multiple https servers with different certificate subject organization+state(if any)+country or different owner domain name (if all certs are class 1, "owner domain name" means 2nd or 3rd level depending on table of TLD practices shared with other security code) and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Double exclamation mark
  Address bar color: Red
  Tooltip: "Wiretapping possible"
  Popup: "This page mixes parts from different places, the browser cannot safely determine what parts of the screen come from whom // Your connection to this site is stamped to prove it came from the mess, but is not protected against wiretapping"
  Larry: "*Owner:* Multiple owners // *Verified by: Multiple CAs* OR <the weakest appropriate phrase if all is from the same CA> // ... // *Technical details:* // *Connection signed: No encryption (<algorithm>)* // Your connection to this site is stamped to "prove" it came from the site, but is not protected against wiretapping"

For https: sites with parts from multiple https servers with different certificate subject organization+state(if any)+country or different owner domain name (if all certs are class 1, "owner domain name" means 2nd or 3rd level depending on table of TLD practices shared with other security code):

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Double exclamation mark
  Address bar color: Red
  Tooltip: "Multiple unrelated owners"
  Popup: "This page mixes parts from different places, the browser cannot safely determine what parts of the screen come from whom // Your connection to this mess is encrypted to prevent wiretapping"
  Larry: "*Owner:* Multiple owners // *Verified by: Multiple CAs* OR <the weakest appropriate phrase if all is from the same CA> // ... // *Technical details*: <usual text>"

For https: sites with a trusted class 1 certificate and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Diagonal stamp
  Address bar color: Yellow
  Tooltip: "Wiretapping possible"
  Popup: "Which is run by: Owner identity not checked // Sloppy-Verified by: <CA name> (domain only check) // Your connection to this site is stamped to prove it came from the site, but is not protected against wiretapping"
  Larry: "*Owner:* Owner identity not checked // *Sloppy-Verified by:* <CA name> *(domain only check)* // ... // *Technical details:* // *Connection signed: No encryption (<algorithm>)* // Your connection to this site is stamped to "prove" it came from the site, but is not protected against wiretapping"

For https: sites with a trusted class 1 certificate and a real encryption level.

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Padlock
  Address bar color: Yellow
  Tooltip: "Half-verified by: <CA name> (limited checking)"
  Popup: "Which is run by: Owner identity not checked // Sloppy-verified by <CA name> (domain only check) // Your connection to this site is encrypted to prevent wiretapping"
  Larry: "*Owner:* Owner identity not checked // *Sloppy-verified by:* <CA name> *(domain only check)* // ... // *Technical details*: <usual text>"

For https: sites with a trusted non-EV certificate and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Diagonal stamp
  Address bar color: Yellow
  Tooltip: "Wiretapping possible"
  Popup: "Which is run by: <Full identity from certificate> // Half-Verified by: <CA name> (limited checking) // Your connection to this site is stamped to prove it came from the site owner, but is not protected against wiretapping"
  Larry: "*Owner:* <Full identity from certificate> // *Half-Verified by:* <CA name> *(limited checking)* // ... // *Technical details:* // *Connection signed: No encryption (<algorithm>)* // Your connection to this site is stamped to prove it came from the real site owner, but is not protected against wiretapping"

For https: sites with a trusted non-EV certificate and a real encryption level.

Correct messages:
  Address bar: "" (same as current)
  Address bar icon: Padlock
  Address bar color: Yellow
  Tooltip: "Half-verified by: <CA name> (limited checking)"
  Popup: "Which is run by: <Full identity from certificate> // Half-verified by <CA name> (limited checking) // Your connection to this site is encrypted to prevent wiretapping"
  Larry: "*Owner:* <Full identity from certificate> // *Half-verified by:* <CA name> *(limited checking)* // ... // *Technical details*: <usual text>"

For https: sites with a trusted EV certificate and a signature-only encryption level (such as "0 bit authentication only (RSA/SHA)")

Correct messages:
  Address bar: "<EV name from certificate>" (same as current)
  Address bar icon: Diagonal stamp
  Address bar color: Yellow (because EV sites should not do this)
  Tooltip: "*wiretapping possible*"
  Popup: "Which is run by: <Full EV identity from certificate> // Verified by: <CA name> // Your connection to this site is stamped to prove it came from the site owner, but is not protected against wiretapping"
  Larry: "*Owner:* <Full EV identity from certificate> // *Verified by:* <CA name> *(thorough checking)* // ... // *Technical details:* // *Connection signed: No encryption (<algorithm>)* // Your connection to this site is stamped to prove it came from the real site owner, but is not protected against wiretapping"

For https: sites with a trusted EV certificate and a real encryption level

Correct messages:
  Address bar: "<EV name from certificate>" (same as current)
  Address bar icon: Padlock
  Address bar color: Green
  Tooltip: "Verified by: <CA name>" (same as current)
  Popup: "Which is run by: <Full EV identity from certificate> // Verified by: <CA name> // Your connection to this site is encrypted to prevent wiretapping"
  Larry: "*Owner:* <Full EV identity from certificate> // *Verified by:* <CA name> *(thorough checking)* // ... // *Technical details*: <usual text>"
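The class 1 (domain validated) detection heuristic and the three trusted-certificate popup wordings proposed in the comment above, as an added JavaScript example that is not part of the bug thread and not Firefox code. It assumes the chain is already validated to a trusted root, that EV status and the CA display name come from the caller, and that "an appropriate field" means subject CN or OU; `DV_MAGIC_ORGS` is a placeholder because the page does not list the CA "magic strings", and all sample chains are constructed.

```javascript
"use strict";

// Placeholder: the thread mentions CA "magic strings" but does not list them.
const DV_MAGIC_ORGS = ["example-dv-marker (placeholder)"];
const HOSTNAME = /^(\*\.)?([a-z0-9-]+\.)+[a-z0-9-]+$/i;

// Lower-case a DNS name and drop a trailing dot or a leading "*." wildcard.
function normName(name) {
  return String(name).trim().toLowerCase().replace(/\.$/, "").replace(/^\*\./, "");
}

// True when candidate equals host or is a DNS syntactical parent of it
// ("shop.example" is a parent of "www.shop.example"; "hop.example" is not).
function isNameOrParent(candidate, host) {
  const c = normName(candidate);
  const h = normName(host);
  return c.length > 0 && (h === c || h.endsWith("." + c));
}

// Names the end certificate covers: DNS SANs plus a host-shaped subject CN.
function certNames(cert) {
  const names = (cert.sans || []).map(normName);
  const cn = cert.subject.CN;
  if (cn && HOSTNAME.test(cn.trim())) names.push(normName(cn));
  return names;
}

// Returns why the chain looks domain-validated ("class 1"), or null.
function class1Reason(chain) {
  // Assumption: "an appropriate field" is read as subject CN or OU.
  const marked = chain.some((c) =>
    [c.subject.CN, c.subject.OU].some((v) => v && /\bclass\s*1\b/i.test(v)));
  if (marked) return "class 1 marker in chain";
  const end = chain[0];
  const org = (end.subject.O || "").trim();
  if (!org) return "organization missing";
  if (certNames(end).some((n) => isNameOrParent(org, n))) {
    return "organization is a DNS name or parent of the site";
  }
  if (DV_MAGIC_ORGS.includes(org.toLowerCase())) return "organization is a CA marker string";
  return null;
}

// "<Full identity from certificate>": all subject fields except the web address.
// The display order is an assumption; the thread does not fix one.
function fullIdentity(cert) {
  const names = certNames(cert);
  return ["CN", "O", "OU", "L", "ST", "C"]
    .map((k) => cert.subject[k])
    .filter((v) => v && !names.includes(normName(v)))
    .join(", ");
}

// Popup wording for a trusted certificate on an encrypted connection.
function describeIdentity(chain, caName, isEV) {
  const end = chain[0];
  if (isEV) {
    return { level: "ev", runBy: fullIdentity(end), verifiedBy: `Verified by: ${caName}` };
  }
  const reason = class1Reason(chain);
  if (reason) {
    return { level: "class1", reason, runBy: "Owner identity not checked",
             verifiedBy: `Sloppy-verified by ${caName} (domain only check)` };
  }
  return { level: "regular", runBy: fullIdentity(end),
           verifiedBy: `Half-verified by ${caName} (limited checking)` };
}

// Constructed sample chains (end certificate first); not real certificates.
// OV_CHAIN is modelled on the subject fields quoted earlier in the thread.
const CA = { subject: { CN: "Constructed Issuing CA", O: "Constructed CA Inc" } };
const OV_CHAIN = [{ subject: { CN: "bugzilla.mozilla.org", O: "Mozilla Corporation",
  OU: "Secure Web Server", L: "Mountain View", ST: "California", C: "US" },
  sans: ["bugzilla.mozilla.org"] }, CA];
const DV_NO_ORG = [{ subject: { CN: "www.shop.example" }, sans: ["www.shop.example"] }, CA];
const DV_ORG_IS_DOMAIN = [{ subject: { CN: "www.shop.example", O: "Shop.Example" },
  sans: ["www.shop.example"] }, CA];
const DV_CLASS1_CA = [{ subject: { CN: "www.shop.example", O: "Shop Ltd" },
  sans: ["www.shop.example"] },
  { subject: { CN: "Constructed Class 1 Issuing CA" } }];

const SAMPLES = { OV_CHAIN, DV_NO_ORG, DV_ORG_IS_DOMAIN, DV_CLASS1_CA };
for (const [label, chain] of Object.entries(SAMPLES)) {
  console.log(label, describeIdentity(chain, "Constructed CA Inc", false));
}
```

The organization-equals-domain rule is what separates the two `www.shop.example` samples that do carry an O field: "Shop.Example" is treated as unverified owner data, while "Shop Ltd" is only downgraded because of the class 1 marker on its issuer.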
Severity: normal → S3