Closed
Bug 720164
Opened 13 years ago
Closed 13 years ago
Site identity block does not distinguish between valid certificates and cert overrides
Categories
(Core Graveyard :: Security: UI, defect)
Core Graveyard
Security: UI
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 545606
People
(Reporter: briansmith, Unassigned)
Details
(Whiteboard: [parity-Chrome])
The site identity block looks the same when certificate validation succeeded as it does when certificate validation failed but there was an override. The site identity block should have some kind of indication that an override was used. Google Chrome shows the broken lock and crossed-out https in this scenerio.
Comment 1•13 years ago
|
||
The text in the box differs, to indicate that you verified the identity rather than a CA, but you're right that the identity block itself doesn't. I'm not sure that's a problem, though - the only purpose of a non-EV cert is to verify the domain<->key binding, and the user has taken it upon themselves to do that in this case. Why should primary chrome differ?
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•