HJ wrote:
Having troubles reading the text, try this one:
http://multizilla.mozdev.org/screenshots/features/spoofing/new-ssl-site-bimsheet.jpg
While you're at it, you should display all the "subject alternative names" in the cert, in addition to the "Common Name".
The "Common Name" is no longer considered the "right" place to contain the server's domain name. The right place is in the certificate's list of
"subject alternative names", and that list may contain multiple domain
names and/or IP addresses.
It's good to continue to display the common name, as many legacy certificates still use that. But more and more we see modern certs that don't have the domain name in the "common name", and hence the server's domain name doesn't appear in that dialog. If the dialog was fixed to display subject alternate names, that would help a lot.
It's a shame that this wasn't fixed in mozilla years ago. But PSM is an orphan. You're doing more to help PSM than has been done in a long time, and I (for one) appreciate it. I just wish your work was going into the main mozilla PSM source, rather than into an offshoot.
-- Nelson B _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
