Comment 31 for bug 239360

In , Nelson-bolyard (nelson-bolyard) wrote :

"issued by the site itself" sounds entirely legitimate. What's wrong with
using a certificate for paypal.com that paypal.com itself issued?
The point is that *we do NOT know* who issued it. Maybe it was the
site named in the cert, or maybe it is an attacker.

Expired Cert: Add: "This certificate may have been revoked, and we have no
way to tell, since it is expired." or "Firefox cannot determine if
expired certificates have been revoked or not."

As for showing "all important certificate information": we know that if we
show the cert's subject name, and that is the name the user expected,
the user is very likely to falsely conclude that it is legitimate.