W3C home > Mailing lists > Public > public-wsc-wg@w3.org > February 2007

Re: ACTION-87: Certificate errors and warnings displayed by Opera

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 9 Feb 2007 23:28:39 +0100
To: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Cc: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Message-ID: <20070209222839.GV20785@raktajino.does-not-exist.org>

On 2007-02-09 01:13:27 +0100, Yngve N. Pettersen (Developer Opera
Software ASA) wrote:

> If more than one warning is necessary the most severe is
> identified by the dialog, and the rest are listed in a list in
> the dialog.

> These problems can be resolved for the rest of the session, but
> unless they can be solved by installing certificates in the
> database (or on the server) the warning will be display next time
> Opera has been reset.

Playing around a bit with Opera 9 here, it looks as if Opera keeps
state about unsafe certificates visible when the user overrides;
interestingly, it doesn't go the additional step of telling me "but
you chose to accept this certificate."

> The user can also specify a preference for a certificate in the
> root store that makes Opera warn whenever a certificate is part
> of a certificate's chain. This is the default whenever a
> certificate is installed by downloading (but not when installing
> from a unknown root dialog).

Do you have any data whether people actually use that option?

> "The signatures of this certificate could not be verified. While
> this can be caused by the issuer using the wrong method to sign
> the certificate, it can also be caused by attempts to modify or
> fake the certificate."

I take it that this is considered a fatal error that does not permit
a user override?

> The user can also, in addition to the certificate warning
> preference mentioned above, specify that all access to sites
> using a specific certificate in the root store is forbidden. This
> will be indicated by a error specifying the certificate is valid
> but access is forbidden.

Once again, I'd be curious to learn to what extent that feature is
actually in use.

Do you have any data on that from your testing?

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Friday, 9 February 2007 22:27:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:45 GMT