44281 - [FEATURE] Show certificate authority in browser chrome

Status: VERIFIED FIXED

(SeaMonkey :: UI Design, defect, P1)

Description

[don]

This is the GUI portion of bug #39680.  See Bob Lord's comments in that bug for
a summary of the feature.  Still need some UI help with this.

Comment 1

[don]

Nominating for nsbeta2 and re-assigning to pchen.

Comment 2

[don]

Making this "nsbeta2+" just like bug #39680 and adding dependency on that bug.

Comment 3

[Brendan Donohoe]

Attachment: Screenshot of proposed UI representation.

Comment 4

[Brendan Donohoe]

I think this is a pretty straightforward problem.  The status bar spec 
contains information on this behavior, but it's pretty far out of date.  As the 
previously posted screenshot shows, I've pretty much followed Bob Lord's 
suggestion.  The text should go on the right side of the status bar, 
immediately to the left of the *locked* lock icon.  It should be slightly 
smaller than the standard status bar text (one size down) to differentiate it 
from the status and location information.  The text should only appear 
when there is relevant information to report and the space should 
otherwise be available for normal status bar use.  Also, there should be a 
small buffer 5-10 pixels between any status bar text and the CA 
information.

Comment 5

[Claudius Gayle]

cc'ing myself

Comment 6

[Paul Chen]

Checked in partial fix, display "<CA Info goes here>" when locked icon shows up. 
Need to work with ddrinan to get certificate authority string displayed.

Comment 7

[Paul Chen]

This one is practically done. I've just checked in the last of the "client" end 
code. Waiting for ddrinan to check in fix so that CA string actually gets saved 
by back end.

Comment 8

[don]

Talked to ddrinan earlier this evening.  Apparently PSM didn't get built 
correctly today with his fix.  So, god willing, this should "just work" in 
tomorrow's build.  But let's leave this open until we're sure.

Comment 9

[Paul Chen]

Got a new PSM from ddrinan, now display CA name in status bar. Stick a fork in 
it, it's done (with a working PSM, that is)

Comment 10

[sairuh (rarely reading bugmail)]

over to junruh for verification. (thx john!)

Comment 11

[Bob Lord]

Reopening the bug.

The current text says "Signed by...", but this is not entirely accurate. The 
page was sent by the SSL server (which is sort of the signer).  

It's much more accurate to say "Certified by...".

I'd like to request that we change this text, before B2 if possible.

Comment 12

[John Unruh]

This feature seems to have disappeared over the weekend. Now there is just the 
lock icon. Linux, Mac, and WinNT builds 072408.

Comment 13

[Kathleen :Brade]

remove "ETA DONE! (we think ...)" since lord has requested a string change and
junruh mentions another issue

Comment 14

[Paul Chen]

After looking through our Verisign contract, there is nothing that says there 
has to be text in the status bar, this is according to Don Melton, who was the 
unlucky sout that spent one morning pouring over the contract. Currently, CA 
text is a tooltip on the lock icon. Will ask PDT if ok to change string.

Comment 15

[leger]

Per todays triage, moving from [nsbeta2+] to [nsbeta2-]

Comment 16

[leger]

Putting on [nsbeta2+] to back out change to tooltip.  We need the text in the 
builds for PR2.  See petitta for questions.

Comment 17

[Michael La Guardia]

Let me add an additional comment here.  Here's what's going on.  We need to have
text showing up that identifies the issuer of a Cert by RTM.  Currently (today's
build) the tooltip solution doesn't seem to be working.  Jan and I stood at her
machine and pointed the browser at https://www.verisign.com, hovered the cursor
over the resulting lock icon, and saw no tooltip.

Personally, I think that the tooltip is the better way to go.  So the real
question is, what is the most realiable, lowest risk way of getting the cert
issuer name into the picture, fixing the tooltip or backing out the tooltip so
that it shows up in the chrome itself?

Comment 18

[Bob Lord]

I was thinking about why the tooltip feature did not work for LaGuardia and 
Leger.  It is *possible* that a bug in the display of the lock icon is masking 
the tooltip functionality.  

Try this: 
When you go to an SSL web site, click on an image and open it in it's own 
window.  That will make sure that the lock icon is both locked and solid (no red 
line).  Then try to see if the tooltip shows up.  If it does, then I would 
conclude that the tooltip feature is probably OK, and that this other (lock 
display) bug is getting in the way.

Just an idea.

Comment 19

[leger]

lord - I tried this and still did not get tooltip.  We just agreed at nsbeta2+ 
open bugs review that we should back out tooltip changes so this works again.  
mcafee to talk with pchen to do ASAP.

Comment 20

[leger]

Setting ETA to 7/31...hopefully pchen can back this out today!

Comment 21

[Chris McAfee]

pchen said he verified his branch build this morning, I am
not sure why this didn't get checked in.  Maybe it did and
that fact didn't get to the bug report?

Comment 22

[Paul Chen]

Backed out changes yesterday afternoon. Couldn't mark bug fixed because we lost 
outside internet connection right before I was going to mark bug fixed. Also, as 
far as I know, you still need a special PSM build to get this to work correctly. 
I have not seen the certificate authority name unless I get a PSM from ddrinan.

Comment 23

[John Unruh]

Will verify when the latest PSM 1.2 is checked in. Depends on bug 47176.

Comment 24

[Bob Lord]

This now works correctly as before on my home machine.  junruh should confirm on 
a clean machine.

Comment 25

[John Unruh]

This works on Win32 and Linux, but still says only "Signed by" on Mac build 
80304.

Comment 26

[Paul Chen]

Call to CMT_GetStringAttribute() for certificate authority string is NOT working
on Mac. Reassign to ddrinan because it's a backend issue. Since it works on both
windows and linux, sounds like a simple build issue to me or for some reason,
Mac specific code didn't get checked in.

Comment 27

[leger]

Will fix after PR2.  michaell cool with this.

Comment 28

[Bob Lord]

On today's build (08-18) it's broken again.

Comment 29

[Bob Lord]

*** Bug 48079 has been marked as a duplicate of this bug. ***

Comment 30

[David P. Drinan]

Re-assigning to Paul Chen since he did this work originally.

Paul, do you know why this has regressed? I traced through the PSM glue code and 
it does get the CA name for the cert that signed the SSL cert but for some 
reason it's not being displayed on the chrome.

Comment 31

[Bob Lord]

Another suggestion:
"Site secured by..."

Comment 32

[Phil Peterson]

PDT agrees P1 for tooltip fix as discussed.

Comment 33

[leger]

Putting [pdtp1] in whiteboard

Comment 34

[Paul Chen]

Ok, found what caused the tooltip not to show up, had Ben Goodger check it in for me because my PowerBook is having problems 
right now. I don't know if the CA is being set in the tooltip.

Comment 35

[Paul Chen]

Hmmm, I closed out bug 51756 but I guess this one's still open. The tooltip now
works thusly, it says "Show security information for this window" when the lock
icon is open, and it says "Signed by <certificate authority>" when the lock icon
is closed.

Comment 36

[Paul Chen]

I've seen enough of this bug, if you got issues, log another bug

Comment 37

[John Unruh]

Verified fixed.