On 29/1/09 17:36, Johnathan Nightingale wrote:
On 29-Jan-09, at 8:29 AM, Ian G wrote:
On 29/1/09 13:31, Jean-Marc Desperrier wrote:
Gerv, what about changing the Firefox SSL page/implementation so that in
that situation, for those 99% of the market, it gives the most
informative information, non scary, non blocking possible ? Even when
there was an error in the configuration ?
And then for the remaining 1% you put a very scary message, that's
impossible to get through for an average user.
I should check what Chrome puts behind the "help me understand" link.
+1, and to Johnathon. I also wanted to point out that the above page
is the sort of into that I'd like to see when Firefox hits a confusing
cert.
I think I'm hearing an RFE to change the cert error page to link to
elaborated information elsewhere (probably on support.mozilla.com, but
maybe on mozilla.com itself) which explains this problem to users,
possibly with a section for site administrators too. I might also be
hearing a request to change the blocking behaviours in those cases.
Hmm, nope, apologies, I wasn't clear. What I wanted was something like
the behaviour shown on that page, when it comes in contact with a cert,
to be incorporated as behaviour in firefox. So that when firefox trips
over a cert, it could show something like that.
=============================
|
| There is a problem with this cert!
|
| ==> *The cert was not issued by a known CA* <==
| The cert has expired or is not yet valid
| The cert was issued for a different website
| This is a self-signed cert and is unreliable
| The cert has been revoked
| The cert uses an old, bad feature or algorithm
|
| We recomend that you close the page and go elsewhere.
|
| Click here to be a good boy
| Click here to be a bad boy
| More info for the brave!
|
==============================
On that page it highlights one of the choices, indicating the useful
info, and provides a click for the future.
(I think some elements of this are seen in the new version you demo'd a
while back, but I couldn't find it to compare in detail.)
I'd say the thing to do is file bugs.
Sure. Once we understand the sense of what is wanted, and we eliminate
the likelihood that the bug is already filed, I can do that :)
Firefox::Security should work as
component for both of them, since you're talking about the
firefox-custom about:certerror page. Eventually we'll probably need a
related bug to create the appropriate web content for the former, but
first we should iron out the details of what's being described. Neither
change would make 3.1 since we're past string-freeze and about to
release our last beta, and these are changes that should have beta
exposure, but 3.2 planning is already beginning.
Yeah, next time is fine.
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
