Multiple https bad-certificate warnings should be combined

RESOLVED DUPLICATE of bug 327181

Status

P2
enhancement
RESOLVED DUPLICATE of bug 327181
18 years ago
2 years ago

People

(Reporter: jmd, Assigned: vhaarr+bmo)

Tracking

1.0 Branch

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

18 years ago
Going to this URL, you have to go through three seperate dialogs to access it.

The first states the certificate is expired.
The second, that the certificate was not issued by a trusted CA.
The third alerts you to the fact that the name on the cert doesn't match the site

MSIE shows all three of these in one dialog, with a green check next to what's
OK, and a red X (or yellow warning <!> sign, in IE6) in front of any of the
three that aren't OK.

This is ALOT cleaner, you are presented all the information, then can make one
decision on how to proceed, rather then presenting small parts of the
information, and making three seperate desicions.
Moving to PSM product and marking Enhancement.

"a lot" is two words.
Assignee: mstoltz → ssaux
Severity: normal → enhancement
Component: Security: General → Client Library
Product: Browser → PSM
Summary: https warnings are three seperate dialogs → [RFE]https warnings are three seperate dialogs
Version: other → 2.1

Updated

18 years ago
Priority: -- → P2
Target Milestone: --- → Future

Updated

18 years ago
QA Contact: bsharma → junruh
I pestered Håkan to do this when he was fixing bug 91466, but apparently that 
bug was difficult enough as it is.
Summary: [RFE]https warnings are three seperate dialogs → Multiple https warning alerts should be combined
(Reporter)

Comment 3

17 years ago
Also worth noting that after saying OK to the three dialogs, the 'entering a
secure site' dialog says:

"... The website has identified itself correctly and all ..." Which is kind of
misleading. It couldn't id itself correctly, so we bypassed that part. That's
fairly trivial though, the three dialogs is the main problem.

Updated

17 years ago
Summary: Multiple https warning alerts should be combined → Multiple https bad-certificate warnings should be combined

Comment 4

15 years ago
*** Bug 194269 has been marked as a duplicate of this bug. ***

Comment 5

15 years ago
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody
Mass change "Future" target milestone to "--" on bugs that now are assigned to
nobody.  Those targets reflected the prioritization of past PSM management.
Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---

Updated

14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core
(Assignee)

Comment 7

13 years ago
Created attachment 198851 [details]
bad certificate dialog prototype

Bah I just wrote a long comment and then the browser crashed ... *sob*! I'll
try writing it again.

First prototype of the proposed Bad Certificate dialog. As you can see here the
"View Certificate" button is missing and the Cancel button doesn't have a label
.. I think this is because we're not chrome. I'm not sure. If you want to see
how it should look, take a look at
<https://bugzilla.mozilla.org/attachment.cgi?id=198577>.

This is how I think it should be:
 * Lists the various issues found with the certificate with bullet points and
short, to-the-point, explanations.
 * Clicking Cancel aborts the request and does not store anything about the
certificate. If you visit the URL again you will get the same box.
 * Checking the checkbox has no effect if you click Cancel.
 * Checking the checkbox and clicking Continue should store the certificate
forever (permanent storage).
 * NOT checking the checkbox and clicking Continue should store the certificate
for the rest of the session.
 * Clicking "View Certificate" brings up the dialog as it exists today.
Assignee: nobody → vhaarr+bmo
Status: NEW → ASSIGNED
Attachment #198851 - Flags: review?(kaie.bugs)
(Assignee)

Comment 8

13 years ago
(In reply to comment #7)
> First prototype of the proposed Bad Certificate dialog. As you can see here the
> "View Certificate" button is missing and the Cancel button doesn't have a label
> .. I think this is because we're not chrome.

I see that in Seamonkey the "Continue" button doesn't have a label either. It
works when called from chrome :-)

In any case the review request is for the dialog. If you + it, I'll try to
implement.
(Assignee)

Comment 9

13 years ago
Baah! I knew I forgot something:

The wording would of course have to be enhanced greatly (and reviewed by the
right people), but you should get the general idea from the prototype.
Good work, Vidar. Thanks! Suggestions:
1.  Use the standard Windows+Mac+Epiphany quote style: double curly quotes.
2.  'The “mozilla.org” security certificate is faulty.' Fewer words is
    better (though the adjective might need tweaking).
3.  Who's "we"? Try "issued by an unknown certificate authority".
4.  Changing "Continue" to "Continue Anyway" would make the entire "Are you
    sure you want to continue?" line unnecessary.
5.  Repeating "The certificate" is awkward. Fortunately, (4) above means the
    bullet points are now immediately underneath "The ... certificate is
    faulty", so "The certificate" in the list items can be changed to "It".
6.  Is the checkbox necessary? It's awkward because once you've trusted a
    site, it's not obvious how you un-trust it again.
7.  What's the overall risk here? The only browser I've seen trying an
    actual explanation is Safari, which says: 'You might be connecting to a
    website that is pretending to be “mozilla.org” which could put your
    confidential information at risk.' Is that true? If so, perhaps Mozilla
    could follow the list with a shorter equivalent: 'This might not be the
    real “mozilla.org” site.'
(Assignee)

Comment 11

13 years ago
(In reply to comment #10)
Thanks for taking a look.

> 2.  'The “mozilla.org” security certificate is faulty.' Fewer words is
>     better (though the adjective might need tweaking).

Agreed, I'm not keen on "faulty". Hm. I like your other suggestions though.

I don't understand what you mean by #7. I think you're talking specifically
about domainMismatch?

I think I'll also implement the expired message a bit different. For example, if
the certificate expired withing the last 12 months: "It expired about X months
ago.", and if it expired more than 12 months ago: "It expired more than X years
ago." and so on. The user can get the actual date (which he really does not care
about) by clicking 'View Certificate'.
Hm.. Could we go even further and just say "It has expired." ? I really can't
envision anyone ever caring about the date or relative point in time.
2.  Perhaps "not reliable". That more accurately covers the case where
    you're using Firefox 1.5 at a site whose cert's CA was introduced to the
    default CA list in Firefox 2.1.
7.  I meant it to apply to all problems, not just domain mismatch. But you'd
    need to corner an SSL expert and (a) come up with a set of real-world
    scenarios that these alerts protect you against, (b) find out whether/
    why it's useful to distinguish the various problems, and (c) find out
    whether/why it's good to know how long ago a certificate expired.
(Assignee)

Comment 13

13 years ago
beltzner: Do you have any comments to the proposed UI (attachment 198851 [details])?

Of course, the UI can be polished after the core changes are made (there is lots of work to do there), so I'm thinking more along the conceptual lines, because it might influence design choices to be made in the code.

Comment 14

13 years ago
Will this code also affect firefox? (Sorry, might be a stupid question - but so much UI code seems to be forked from seamonkey.)
(Assignee)

Comment 15

13 years ago
(In reply to comment #14)
> Will this code also affect firefox? (Sorry, might be a stupid question - but so
> much UI code seems to be forked from seamonkey.)

Yes.
Comment on attachment 198851 [details]
bad certificate dialog prototype

adding review to my queue
Attachment #198851 - Flags: ui-review?(beltzner)
Please note that I started to work on an approach that combines the dialog and will allow the option to remember a override for a certain hostname+cert pair.
What's there to review here?  
There's no patch ready for checkin.  

See also bug 327181 and its attachments.  
That proposal is similar to this one,
is also very like IE's error page,
and IMO is more effective against phishing,
because it stops the user from immediately
overriding the ONLY error that he will ever 
see to warn him he's being phished.

QA Contact: junruh → ui
Another issue:  
Bad cert dialogs should NEVER say "This cert belongs to", because that is
the fundamental problem.  The cert CLAIMS to belong to the named party
but very well may belong instead to an attacker.  In stating that "this 
cert belongs to" the named party, we are acting as the CA, we are 
asserting that the certificate's contents are true, even though the very
cause of this warning is precisely that we do NOT know that it is true.
Comment on attachment 198851 [details]
bad certificate dialog prototype

Beltzner's self-request for ui-review is now 16 months old.
Johnathan, would you review it?  Also, please consider the alternative proposal in bug 327181
Attachment #198851 - Flags: review?(johnath)
Comment on attachment 198851 [details]
bad certificate dialog prototype

This is not the plan of record.  I think the requestees should just r- it instead of letting it rot.  I'm cancelling my request.
Attachment #198851 - Flags: review?(johnath)
This was addressed with bug 327181, marking as duplicate.
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 327181

Updated

11 years ago
Attachment #198851 - Flags: ui-review?(beltzner)
Attachment #198851 - Flags: review?(kengert)

Updated

11 years ago
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.