Expired certificate error message should use a relative time instead of showing the current time

NEW
Unassigned

Status

()

Core
Security: PSM
P5
normal
6 years ago
2 years ago

People

(Reporter: jaws, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [psm-backlog])

When viewing https://johnath.com, I see the following error text under Technical Details:

The certificate expired on 10/26/2002 12:14 PM. The current time is 5/24/2012 7:02 PM.

Including the current time here doesn't seem to add much value. It seems to me that most people would be interested in the time delta between when it expired and the current time.

I think the text should be:
The certificate expired on 10/26/2002 12:14 PM, which is about 10 years ago.
IIRC, Kai originally added the timestamp because we were getting a significant number of bugs/confused users with badly-wrong internal clocks, causing legitimate certs to fail expiry tests - he hoped that having the current time in there would draw their attention, and get them to fix their clocks (an indirect hope, to be sure!)

Changing that to a delta is definitely more readable, but I wonder if it will lead users to the same realization?
Oh ok, yeah that makes sense. I figured it had to do with something like that.

If that is the goal of this text, would it be possible to (at least on Windows) check with time.windows.com to see how much clock skew is present? Then we would be able to give a more definitive "this certificate is expired because your system clock is wrong"-type message.

Comment 3

3 years ago
(In reply to (Limited avail. until June 16)  Jared Wein [:jaws] (please needinfo? me) from comment #2)

Related: Bug 712612 - When complaining about bad certificate dates (expired etc.), tell user if their clock is wrong

Updated

2 years ago
Duplicate of this bug: 1007572
Component: Security: UI → Security: PSM
Priority: -- → P5
Whiteboard: [psm-backlog]
You need to log in before you can comment on or make changes to this bug.