Ubuntu
firefox-3.0 package

Firefox UI for SSL certificate shows incomplete domain

Bug #197421 reported by Malcolm Scott on 2008-03-01

Affects		Status	Importance	Assigned to	Milestone
	firefox-3.0 (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: firefox-3.0

If I visit a HTTPS site and click the favicon by the URL bar, the pop-up balloon containing information about the SSL certificate appears to always display exactly the last two levels of the domain name only. This results in misleading/useless information in some cases, especially for domains in countries where the TLD is subdivided (co.uk/org.uk etc.). E.g.:

https://www.bethere.co.uk/ has CN=www.bethere.co.uk, and is displayed as "You are connected to co.uk"
https://csg.trinhall.cam.ac.uk/ has CN=csg.trinhall.cam.ac.uk, and is displayed as "You are connected to ac.uk"
https://control.retrosnub.co.uk/ has CN=*.retrosnub.co.uk, and is displayed as "You are connected to co.uk"
https://www.zipzap.co.nz/ has CN=www.zipzap.co.nz and is displayed as "You are connected to co.nz"

I would argue that it's dangerous to strip any parts of the domain name in this information, as it's a generalisation which won't necessarily be always valid, even if it's done more intelligently than it currently is.

I'm using firefox-3.0 version 3.0~b3+nobinonly-0ubuntu4 in hardy amd64.

Revision history for this message

Malcolm Scott (malcscott) wrote on 2008-03-01:

screenshot Edit (20.4 KiB, image/png)

Revision history for this message

Caroline Ford (secretlondon) wrote on 2008-03-01:

I can confirm. Also en-gb locale.

Changed in firefox-3.0:
status:	New → Confirmed

Revision history for this message

FlagMan (flagman) wrote on 2008-06-26:

FYI: I do NOT see this.
Instead, I see: "You are connected to bethere.co.uk" which seems correct.
Maybe it's fixed now?

firefox 3.0 version 3.0~b5+nobinonly-0ubuntu3
hardy, 32-bit

Revision history for this message

Malcolm Scott (malcscott) wrote on 2008-06-26:

Indeed, this appears to have been substantially improved. Portions of the CN are still being stripped off; I still think that's possibly unwise, but clearly someone thinks differently, so since my original complaint is no longer relevant I'll close this bug.