Public bug reported: Binary package hint: firefox-3.0
If I visit a HTTPS site and click the favicon by the URL bar, the pop-up balloon containing information about the SSL certificate appears to always display exactly the last two levels of the domain name only. This results in misleading/useless information in some cases, especially for domains in countries where the TLD is subdivided (co.uk/org.uk etc.). E.g.: https://www.bethere.co.uk/ has CN=www.bethere.co.uk, and is displayed as "You are connected to co.uk" https://csg.trinhall.cam.ac.uk/ has CN=csg.trinhall.cam.ac.uk, and is displayed as "You are connected to ac.uk" https://control.retrosnub.co.uk/ has CN=*.retrosnub.co.uk, and is displayed as "You are connected to co.uk" https://www.zipzap.co.nz/ has CN=www.zipzap.co.nz and is displayed as "You are connected to co.nz" I would argue that it's dangerous to strip any parts of the domain name in this information, as it's a generalisation which won't necessarily be always valid, even if it's done more intelligently than it currently is. I'm using firefox-3.0 version 3.0~b3+nobinonly-0ubuntu4 in hardy amd64. ** Affects: firefox-3.0 (Ubuntu) Importance: Undecided Status: New -- Firefox UI for SSL certificate shows incomplete domain https://bugs.launchpad.net/bugs/197421 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
