[Bug 197421] [NEW] Firefox UI for SSL certificate shows incomplete domain
Malcolm Scott
ubuntu_m at lcolm.org.uk
Sat Mar 1 21:09:42 UTC 2008
Public bug reported:
Binary package hint: firefox-3.0
If I visit a HTTPS site and click the favicon by the URL bar, the pop-up
balloon containing information about the SSL certificate appears to
always display exactly the last two levels of the domain name only.
This results in misleading/useless information in some cases, especially
for domains in countries where the TLD is subdivided (co.uk/org.uk
etc.). E.g.:
https://www.bethere.co.uk/ has CN=www.bethere.co.uk, and is displayed as "You are connected to co.uk"
https://csg.trinhall.cam.ac.uk/ has CN=csg.trinhall.cam.ac.uk, and is displayed as "You are connected to ac.uk"
https://control.retrosnub.co.uk/ has CN=*.retrosnub.co.uk, and is displayed as "You are connected to co.uk"
https://www.zipzap.co.nz/ has CN=www.zipzap.co.nz and is displayed as "You are connected to co.nz"
I would argue that it's dangerous to strip any parts of the domain name
in this information, as it's a generalisation which won't necessarily be
always valid, even if it's done more intelligently than it currently is.
I'm using firefox-3.0 version 3.0~b3+nobinonly-0ubuntu4 in hardy amd64.
** Affects: firefox-3.0 (Ubuntu)
Importance: Undecided
Status: New
--
Firefox UI for SSL certificate shows incomplete domain
https://bugs.launchpad.net/bugs/197421
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox-3.0 in ubuntu.
More information about the Ubuntu-mozillateam-bugs
mailing list