HJ wrote:
First of all, i've just updated my screenshot:
http://multizilla.mozdev.org/screenshots/features/spoofing/new-ssl-site-bimsheet-v2.jpg
I doubt most users will ever "open this expander" :(
> Nelson B wrote:
While you're at it, you should display all the "subject alternative names" in the cert, in addition to the "Common Name".
I came to the same conclusion, at least I hope you are revering at this kind of info:
CN = www.paypal.com OU = Terms of use at www.verisign.com/rpa (c)00 OU = Information Systems O = Paypal, Inc. L = Palo Alto ST = California C = US
All that info is part of the cert's "subject name". The data shown above follows the old legacy convention of putting the host's domain name into the subject name's "common name" (CN) field. Modern certs don't do that any more. They put the host names (there can be more than one) into the cert's list of "subject alternative names", something that is not part of the info shown above.
Today, mozilla doesn't show the "subject alternative names" info at all. :( I propose that you change your UI to show that info. If you do that, you will have fixed bug https://bugzilla.mozilla.org/show_bug.cgi?id=230655 which is now over a year old.
/Nelson _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security