W3C home > Mailing lists > Public > public-wsc-wg@w3.org > February 2007

Re: ACTION-87: Certificate errors and warnings displayed by Opera

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 9 Feb 2007 23:28:39 +0100
To: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Cc: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Message-ID: <20070209222839.GV20785@raktajino.does-not-exist.org>

On 2007-02-09 01:13:27 +0100, Yngve N. Pettersen (Developer Opera
Software ASA) wrote:

> If more than one warning is necessary the most severe is
> identified by the dialog, and the rest are listed in a list in
> the dialog.

> These problems can be resolved for the rest of the session, but
> unless they can be solved by installing certificates in the
> database (or on the server) the warning will be display next time
> Opera has been reset.

Playing around a bit with Opera 9 here, it looks as if Opera keeps
state about unsafe certificates visible when the user overrides;
interestingly, it doesn't go the additional step of telling me "but
you chose to accept this certificate."

> The user can also specify a preference for a certificate in the
> root store that makes Opera warn whenever a certificate is part
> of a certificate's chain. This is the default whenever a
> certificate is installed by downloading (but not when installing
> from a unknown root dialog).

Do you have any data whether people actually use that option?

> "The signatures of this certificate could not be verified. While
> this can be caused by the issuer using the wrong method to sign
> the certificate, it can also be caused by attempts to modify or
> fake the certificate."

I take it that this is considered a fatal error that does not permit
a user override?

> The user can also, in addition to the certificate warning
> preference mentioned above, specify that all access to sites
> using a specific certificate in the root store is forbidden. This
> will be indicated by a error specifying the certificate is valid
> but access is forbidden.

Once again, I'd be curious to learn to what extent that feature is
actually in use.

Do you have any data on that from your testing?

Thomas Roessler, W3C  <tlr@w3.org>
Received on Friday, 9 February 2007 22:27:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:14 UTC