Closed Bug 720164 Opened 13 years ago Closed 13 years ago

Site identity block does not distinguish between valid certificates and cert overrides

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 545606

People

(Reporter: briansmith, Unassigned)

Details

(Whiteboard: [parity-Chrome]) 

The site identity block looks the same when certificate validation succeeded as it does when certificate validation failed but there was an override. The site identity block should have some kind of indication that an override was used.

Google Chrome shows the broken lock and crossed-out https in this scenerio.
The text in the box differs, to indicate that you verified the identity rather than a CA, but you're right that the identity block itself doesn't. I'm not sure that's a problem, though - the only purpose of a non-EV cert is to verify the domain<->key binding, and the user has taken it upon themselves to do that in this case. Why should primary chrome differ?
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.