502344 - certificate selection mechanism presents too much information

Status: RESOLVED DUPLICATE of bug 396441

(Firefox :: Security, enhancement)

Description

[Henry Story]

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9.1) Gecko/20090616 Firefox/3.5
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9.1) Gecko/20090616 Firefox/3.5

When connecting to a web site that requests a client certificate the browser should present only a minimal client certificate menu containing the name part of the DN of the certificates (if they don't clash).

Reproducible: Always

Steps to Reproduce:
1. Create a number of client certificates 
  You can easily create these using a service such as
  http://test.foafssl.org/cert/
2. Go to a service that requests a client certificates. A number of such services are listed on http://esw.w3.org/topic/foaf+ssl
  One such is https://foafssl.org/srv/idp should be available. 
  Another one is the login button on http://foaf.me
3. The browser asks the user to select a client certificate. It shows much too much information, that is only understandable by software engineers.


Expected Results:  
The browser should ask the user to select the client certificate in a very minimal way, showing information that is much more relevant to the user: this is really only information pertaining to the name part of the DN.

Safari does a good job presenting the right information. See the pictures of the iPhone http://blogs.sun.com/bblfish/entry/one_click_global_sign_on
(Note the iPhone has a number of SSL bugs as listed here: 
http://lists.foaf-project.org/pipermail/foaf-protocols/2009-June/000677.html )

Opera does it well too. See: http://www.flickr.com/photos/bblfish/3686166769/

Comment 1

[Henry Story]

This bug report is a duplicate or enhancement of 396441