Closed Bug 93703 Opened 23 years ago Closed 17 years ago

Cert Viewer should show revocation status

Categories

(Core Graveyard :: Security: UI, defect, P2)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 340551

People

(Reporter: lord, Unassigned)

Details

(Whiteboard: [kerh-ehz]) 

The General tab of the Cert Viewer should show the status of CRL and OCSP
revocation checks.  

When a user opens the Cert Viewer, he should be able to tell if the client
performed any revocation check on that cert, and if so, which one.  In the case
of OCSP, the client should display the name (CN) of the response signer.

When a user finds that a cert has failed a revocation check, he'll want to know:
-which revocation scheme failed (CRL or OCSP)
-the cause of the failure
  For CRLs, the most common failures are:
    -The cert was actually revoked
    -The CRL has expired and the user needs to update it
  For OCSP, the most common failures are:
    -The cert was actually revoked (or put on hold, etc.)
    -The client could not reach the OCSP responder
In the case of CRLs, he'll want to be able to open the CRL manager to get more
information directly from the Cert Viewer.  He should not have to find the prefs
window and then dig for the Validation area.   
In the case of OCSP, he'll want to see if the server is back up.  In that case,
perhaps there should be a "try again" button.  Of course, closing and re-opening
the Cert Viewer would work too, but that's less obvious.
We need mockups of these scenarios.
P2
->future.
->rangansen

  Note that Javi removed the ocsp check on certs when displaying the cert
manager window.  This was necessary because of the huge amount of time it takes
to do this check, especially when something goes wrong (like when the ocsp
responder is down) see bug 87654

  The reason I bring this up in this bug is that we discussed having some
additional UI in the certManager that would allow a user to perform an ocsp
check on a specific cert "on demand" see bug 94425. Having the certViewer do
that may invalidate 94425, and not clutter the UI of the certManager.

  Adding reference to this bug in 94425 as well.
Assignee: ssaux → rangansen
Priority: -- → P2
Target Milestone: --- → Future
OS: other → All
QA Contact: ckritzer → junruh
Hardware: PC → All
Version: 2.0 → 2.1
OS > all
reassign former PSM engineers' bugs to nobody
Assignee: rangansen → nobody
QA Contact: junruh → nobody
Target Milestone: Future → ---
Product: PSM → Core
Whiteboard: [kerh-ehz]
QA Contact: nobody → ui
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.