-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ian G wrote:
| Is this a valid cert? Who is USERTRUST? I never heard | of these guys, and Firefox has definately offended me | by claiming | | "The website www.paypal.com supports | authentication for the page you are viewing. The | identity of this web site has been verified by The | USERTRUST Network, a certificate authority you | trust for this purpose." | | That's a bug. I do not trust USERTRUST for any purpose, | and I've never even heard of them, so there is no way that | I can trust them! | Agreed.
| Probably what it should say is ... I don't know - that's a | really tricky one. C.f., discussion over this weekend with | Frank Hecker on "trust bits" but we can't use that term | in user notices. | | A second bug is that it took me a while to find the cert | information. Clicks on the padlocks did nothing, I guess | this is a FreeBSD bug? Anyway, I found it under Tools/PageInfo, | which I'd describe as "obscure" and our average users | will probably find it tough. Hopefully the padlock click | failure would work for them though. |
Ditto on Firefox running on Mac OS X. And unfortunately the OS X architecture seems to suggest that once a certificate is 'trusted' there is no reason for you wanting to see it ever again by clicking the padlock. One has to navigate the byzantine Mac keychain...
~ I don't have a FreeBSD box to test on, but clicking on the padlock *does* work for me on Debian with Firefox and Mozilla.
Wren
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin)
iD8DBQFCB2aHA/qR4Uok1vQRApmFAJ9Qvn7Lm2ZN5nVKGJ/X5BdQy+IMOwCfRGUN ftfzqdSA9LXdzNd2zbJdxRI= =6ngE -----END PGP SIGNATURE----- _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
