Behaviour of Firefox for untrusted certificates

Martin Graesslin ubuntu at martin-graesslin.com
Tue Apr 29 18:28:25 BST 2008


Hi,

this is my first mail to this list and I hope it is the correct one. I was 
redirected to use the mailing list for my suggestion made in bug 224307. Here is 
my initial comment:

Firefox has a very strange behaviour if you visit an https site which uses 
self-signed or untrusted certificates.
Here is the error:
 "Secure Connection Failed
 mail.martin-graesslin.com uses an invalid security certificate.
 The certificate is not trusted because the issuer certificate is not trusted.
 The certificate is not valid for any server names.
 (Error code: sec_error_untrusted_issuer)
     * This could be a problem with the server's configuration, or it could be 
someone trying to impersonate the server.
     * If you have connected to this server successfully in the past, the 
error may be temporary, and you can try again later."

IMHO this behaviour is wrong. Firefox should load the page nevertheless. 
Authentication is not the most important feature of TLS, but encryption.
Many university pages are encrypted with not "trusted" certificates. And this 
is quite OK. Why should a university spend money for a "real" certificate? 
Personally I trust my university more than for example Verisign.
For a user who does not know about how TLS encryption works the page is 
completely wrong. He will not know and understand that the webpage uses an 
"untrusted" certificate, but will think that there is some real problem.
Please change the behaviour. I do not have any problem with a warning as it 
used to be in Firefox 2, but not loading at all is just - well let's say 
stupid.

---

Just to say: Personally I use Konqueror and don't really care about the 
development of Firefox. But this behaviour really struck me, as it is, as I said, 
IMHO completely wrong and not user-friendly.

Best Regards
Martin Gräßlin

More information about the Ubuntu-mozillateam mailing list