Julien Pierre wrote:
In order to log in again to the same server with a new identity, you would need to invalidate the SSL session. [...] [...] it's pretty
hard to envision what that would look like, from a user interface
point of view.

There might be a simple solution.
See http://bugzilla.mozilla.org/show_bug.cgi?id=55181#c72
about Basic authentication and the security implications of
automatically reused authentication.
Reuse is not necessarily the expected behaviour for users when connecting to the same site from a separate window.


Every time the user goes to the address by:
- typing it in the address bar
- selecting it from a bookmark
- following a link from a different site
it might be better to not automatically reuse the existing
authentication, be it HTTP or SSL (the last case might require
usability investigation to decide; what appears to Mozilla as different sites might be internal links between a secure/non-secure portion of a site).


This could instead show a prompt like:

-----------------------------------
  You are already identified with a certificate to site www.xxx.com

  [x] Continue using current identification

  [ ] Choose the certificate to present as identification
           _____________________________
          |_____________________________|

      Details of selected certificate:
           _____________________________
          |                             |
          |                             |
          |_____________________________|

  [ ] Don't ask me again when I'm already identified
       [x] for this site   [ ] for any site

    [OK] [CANCEL] [HELP]
-----------------------------------
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
