Behaviour of Firefox for untrusted certificates
Martin Graesslin
ubuntu at martin-graesslin.com
Tue Apr 29 18:28:25 BST 2008
Hi,
this is my first mail to this list and I hope it is the correct one. I was
redirected to use the mailing list for my suggestion made in bug 224307. Here is my
initial comment:
Firefox has a very strange behaviour if you visit an https site which uses
self-signed or untrusted certificates.
Here the error:
"Secure Connection Failed
mail.martin-graesslin.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
The certificate is not valid for any server names.
(Error code: sec_error_untrusted_issuer)
* This could be a problem with the server's configuration, or it could be
someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the
error may be temporary, and you can try again later."
IMHO this behaviour is wrong. Firefox should load the page nevertheless.
Authentication is not the most important feature of TLS, but encryption.
Many university pages are encrypted with not "trusted" certificates. And this
is quite OK. Why should a university spend money for a "real" certificate?
Personally I trust my university more than for example Verisign.
For a user who does not know about how TLS encryption works the page is
completely wrong. He will not know and understand that the webpage uses an
"untrusted" certificate, but will think that there is some real problem.
Please change the behaviour. I do not have any problem with a warning as it
used to be in Firefox 2, but not loading at all is just - well let's say
stupid.
---
Just to say: Personally I use Konqueror and don't really care about the
development of Firefox. But this behaviour really struck me as it is, as I said,
IMHO completely wrong and not user-friendly.
Best Regards
Martin Gräßlin