Security/Foreign Certificate Warning: Difference between revisions

Security/Foreign Certificate Warning (view source)

652 bytes added , 2 May 2016

→‎Related: link to Chromium security-dev thread

Confirmed users

908

edits

@@ Line 9: / Line 9: @@
 a root cert is added that's not part of the Mozilla CA program and is part
 of the chain for the currently visited site.
-[[File:Root-cert-banner2.png|1600px|thumb|center|Mock]]
 === Non-dimissability ===
+[[File:Foreign-cert-warning-flow.png|300px|thumb|right|Flow]]
-[[File:Foreign-cert-warning-page.PNG|right|Warning Page]]
+[[File:Root-cert-banner2.png|300px|thumb|right|Toolbar Indicator]]
+[[File:Foreign-cert-warning-page.PNG|300px|thumb|right|Information Page]]
 There are three axes to look at when considering how ''dismissable'' the banner should be:
@@ Line 80: / Line 79: @@
 * [https://bugzilla.mozilla.org/show_bug.cgi?id=1135776 Bug 1135776]: show a different UI for certificates issued by non-built-in root certificates
 * [https://code.google.com/p/chromium/issues/detail?id=81623 Chromium bug 81623] (equivalent Chromium bug)
+* [https://docs.google.com/a/mozilla.com/presentation/d/1TNFx6eaQVfe83PV80-FZ39QY1dSLGCWW8f2i5-NeJ48/edit Improving SSL warnings], a presentation by Adrienne Porter Felt, Chrome Security Team
+* [https://groups.google.com/a/chromium.org/d/topic/security-dev/alqnzXj2bjI/discussion Discussion on why Chrome hasn't done it yet]
+* Android shows a similar warning when using a VPN app:
+<gallery mode=packed heights="400px">
+File:Android-vpn-warning1.png|warning in the settings panel
+File:Android-vpn-warning2.png|explanation page (after clicking on warning)
+</gallery>