GNOME Bugzilla – Bug 620852
Lacking significant warning on bad certificates
Last modified: 2010-06-08 15:16:51 UTC
When a bad/untrusted certificate is used, encryption is worse than useless, since it produces a false sense of security, while the medium is still subject to a trivial man-in-the-middle attack. Right now, the only warning is a "broken" icon in the bottom-left corner, far from where the user's visual focus is, and a subtly different color URL bar. Chrome/Firefox take the approach of a dialog page to educate the user about what's wrong, and continue if they opt to do so. (Ideally they also tie into the certificate manager to permanently trust a certificate, however, that's a much less important feature than protecting the user's confidential information). Right now, I can interact with my online banking site, send my account number and password, and easily not realise that my connection has been subverted.
Downstream at https://bugs.launchpad.net/epiphany-browser/+bug/589877
Related to, but not equivalent to, https://bugzilla.gnome.org/show_bug.cgi?id=594856
priority => "immediate", per bug life cycle documentation, "is a security issue in a released version of the software." severity => "critical", since it doesn't actually block development work.
Similar to bug 542454?
Thanks. *** This bug has been marked as a duplicate of bug 542454 ***