Bug 735350 - Really bad messages to the user
Status: RESOLVED FIXED
Product: epiphany
Classification: Core
Component: Interface
Version: git master
Hardware: Other Linux
Importance: Normal major
Assigned To: Epiphany Maintainers
Reported: 2014-08-25 06:00 UTC by Mattias Eriksson
Modified: 2014-08-26 21:44 UTC


Attachments
Reword some TLS error page messages (2.44 KB, patch)
2014-08-25 17:43 UTC, Michael Catanzaro
committed

Description Mattias Eriksson 2014-08-25 06:00:01 UTC
When I translated Epiphany I ran into this message: 

"This web site’s identification time-travelled from the future. Check the date on your computer’s calendar."

Seriously?! This is a really sucky message. A certificate may be issued from a specific date in the future, and if someone starts using this ahead of time the user will see this message. 

Also, 

"This web site’s identification uses very weak encryption. It has probably been forged."

What? So someone selecting a bad algorithm is a criminal now?! 

"A criminal organization or government agency may have hijacked your connection. You should continue only if you know there is a good reason why this site does not use trusted identification." 

Ahh... so we know it is only criminal organizations and government agencies that hijack connections....  good to know. The few cases I have heard of were done by criminal individuals and hackers, but I guess you know better.

Seriously, all these messages seem to be written by immature teenagers and not by serious software developers. 

I suggest you change these strings before the string freeze.

//Snaggen
Comment 1 Michael Catanzaro 2014-08-25 14:04:51 UTC
(In reply to comment #0)
> When I translated Epiphany I ran into this message: 
> 
> "This web site’s identification time-travelled from the future. Check the date
> on your computer’s calendar."
> 
> Seriously?! This is a really sucky message. A certificate may be issued from a
> specific date in the future, and if someone starts using this ahead of time the
> user will see this message. 

Just to be clear -- are you concerned that we're blocking certificates used in advance of their validity, or just the wording of the string? There's no legitimate reason to use a certificate before it's valid, but if you have an alternative wording for the string we could change it. The requirement is that we explain the error without mentioning the existence of technical details like certificates. It's actually really hard to do and I had some trouble coming up with this one... but I think it turned out OK.

Please note our HIG regarding humor:

"Used effectively, emotion and humor can lift the experience provided by your application, and help to develop a positive relationship with your users. Be careful not to over-use these techniques though - it is far more effective to pick a small number of moments to use emotion, rather than spraying them throughout your user interface. [...] Using humor when things go wrong is another effective technique." [1]

I expect users should never see this string. I myself have never once encountered such a certificate.

> "This web site’s identification uses very weak encryption. It has probably been
> forged."
> 
> What? So someone selecting a bad algorithm is a criminal now?! 

Well it means browsers are not going to load his site, yes. This message is for stuff like 512-bit RSA that indicates something seriously fishy is going on.

> "A criminal organization or government agency may have hijacked your
> connection. You should continue only if you know there is a good reason why
> this site does not use trusted identification." 
> 
> Ahh... so we know it is only criminal organizations and government agencies that
> hijack connections....  good to know. The few cases I have heard of were done
> by criminal individuals and hackers, but I guess you know better.

Do you have an alternative suggestion for this string? We could drop the word "organization" to be more generic?

I think we surely do want to mention government agency. Remember when the Iranian government used a fraudulent certificate to read dissidents' email.

[1] https://people.gnome.org/~tobiasmue/hig3/design-principles.html
Comment 2 Mattias Eriksson 2014-08-25 15:20:46 UTC
I'm just concerned about the wording of these messages. And just because it is unlikely to get them, it may still happen. I think I have seen certificates with validity dates in the future, weak algorithms and with no valid authority signature. All of these times there have been mistakes and no big conspiracy behind it. And to use humor, the users must still understand the messages. And I don't know if cryptography and certificates are the best place to goof around...  


"This web site’s identification time-travelled from the future. Check the date
on your computer’s calendar."

This is a message that only will confuse a regular user. 
"This web site’s identification is not valid since the beginning of the validity period is still in the future. Check the date
on your computer’s calendar."

That is a clean and easy message that actually explains the problem. 

"A criminal organization or government agency may have hijacked your
connection. You should continue only if you know there is a good reason why
this site does not use trusted identification." 

I have worked with cryptography and certificates as a security consultant, and I still don't understand what you base this upon? Have the credentials changed, doesn't it match or what?

Anyway. 

"A third party may have hijacked your connection. "A criminal organization or government agency may have hijacked your connection. You should continue only if you know there is a good reason why this site does not use trusted identification." 

Is still a neutral message. And about mentioning governments, yes they spy but they will most likely use VALID certificates doing so... I have never heard of any government spying causing this kind of error. 


"This web site’s identification uses very weak encryption. It should not be considered a safe connection."


These are sample messages I think are more neutral and explanatory.
Comment 3 Mattias Eriksson 2014-08-25 15:23:04 UTC
"A third party may have hijacked your connection. You should continue only
if you know there is a good reason why this site does not use trusted
identification." 

is the message I suggest... there was a cut/paste error in my previous post
Comment 4 Michael Catanzaro 2014-08-25 16:30:24 UTC
(In reply to comment #2)
> "This web site’s identification is not valid since the beginning of the
> validity period is still in the future. Check the date
> on your computer’s calendar."
> 
> That is a clean and easy message that actually explains the problem. 

OK, I'll change it to that.

> "A criminal organization or government agency may have hijacked your
> connection. You should continue only if you know there is a good reason why
> this site does not use trusted identification." 
> 
> I have worked with cryptography and certificates as a security consultant, and
> I still don't understand what you base this upon? Have the credentials changed,
> doesn't it match or what?

I'm not sure I understand your point here... there is no purpose to the certificate system except to prevent third parties from hijacking your connection.  If we don't point this out then we might as well not check the certs at all.

> Is still a neutral message. And about mentioning governments, yes they spy but
> they will most likely use VALID certificates doing so... I have never heard of
> any government spying causing this kind of error. 

That's true. Hopefully we'll one day be able to pin certs to prevent this on major sites, like Chrome does.

> "This web site’s identification uses very weak encryption. It should not be
> considered a safe connection."
> 
> 
> These are sample messages I think are more neutral and explanatory.

I think I prefer the original language, since it's more clear that something fishy is going on.  If it was normal for web sites to use weak certs then your language would be better, but I don't think I've ever seen a web site that uses a cert weaker than we accept.

We could change "probably" to "may," though, which is what I almost did originally, but I guessed weak certs are more likely to be malicious than not, and certainly more so than other types of cert errors.  A broken chain of trust is pretty easy for a web site to screw up, as is using a cert after it expires, but it seems very unlikely that a site would use a weak cert as a result of misconfiguration, since legitimate CAs should not be issuing these certs anyway.

(In reply to comment #3)
> "A third party may have hijacked your connection. You should continue only
> if you know there is a good reason why this site does not use trusted
> identification." 
> 
> is the message I suggest... there was a cut/paste error in my previous post

OK, I'll change it to that.
Comment 5 Michael Catanzaro 2014-08-25 17:43:58 UTC
Created attachment 284437
Reword some TLS error page messages

Do these changes look OK? They're slightly different than what we discussed.
Comment 6 Yosef Or Boczko 2014-08-25 17:51:01 UTC
Review of attachment 284437:

::: embed/ephy-web-view.c
@@ +1759,3 @@
   if (tls_errors & G_TLS_CERTIFICATE_INSECURE) {
     /* Possible error message when a site presents a bad certificate. */
+    g_ptr_array_add (errors, _("This web site’s identification cannot be trusted because it uses very weak encryption."));
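
Review bot: The translator comment above the new string, "Possible error message when a site presents a bad certificate.", is too generic to tell translators which failure this branch covers. Since the branch is taken for G_TLS_CERTIFICATE_INSECURE and the message is about very weak encryption, the comment could say so explicitly, so translators know the string describes the strength of the site's identification and not a generic certificate failure.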

„cannot” - should be „can not” or „can't”. It's better for English, isn't it?

For me, as a translator (to Hebrew), I think the original strings are better.

@@ +1767,1 @@
   }

For me it really helps.
I translated it to something really really wrong in Hebrew :-)
Comment 7 Michael Catanzaro 2014-08-25 18:29:02 UTC
(In reply to comment #6)
> Review of attachment 284437:
> 
> „cannot” - should be „can not” or „can't”. It's better for English, isn't it?

"Cannot" is actually much more common than "can not," but either way is fine.
Comment 8 Mattias Eriksson 2014-08-26 19:27:57 UTC
They look ok to me.
Comment 9 Michael Catanzaro 2014-08-26 21:44:39 UTC
Attachment 284437 pushed as 940ec36 - Reword some TLS error page messages