Ian G wrote:
> When Firefox goes to one of the non-default sites, it is
> presented with the default cert and indicates it is wrong.
> I then click through and accept it, so https is opened up
> on the site.  But, down in the bottom right, instead of
> displaying the correct details about the certificate that
> is in use, it displays the host name that we went to.

This is correct, and by design. The rationale was as follows:

- Certs often contain wildcards, which cannot easily be understood by end users. (What does "mecha|rheet.mozilla.org" mean?) We needed to display a single hostname in that space at all times.

- If you've already clicked through a warning which says "Hey, there's something funny going on here", you don't IMO have a right to expect that the security UI will continue to be correct.

Suggestions for other ways of dealing with issue 1) while preventing issue 2) are welcomed.

Gerv
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
