Display issuer in Certificate item of website badge
Reported by
gwenmael...@neovote.com,
May 19 2017
|
||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Steps to reproduce the problem: 0. Enable the flag to show certificate info in the panel (see https://bugs.chromium.org/p/chromium/issues/detail?id=663971) 1. Open a HTTPS site 2. Click the badge What is the expected behavior? Certificate displays : Valid, issued by XXXXX What went wrong? Certificate displays : Valid Did this work before? No Chrome version: 60.0.3104.1 Channel: stable OS Version: 10.0 Flash Version: It would allow the user to view basic cert info in only one click, whereas now they have to navigate the cert chain to see the issuer; Moreover when doing banking or such sentitive activities, it's important to see the cert is indeed a real cert (not a MITM cert, e.g. the self-signed cert installed by an antivirus product) that authentifies the website. The solution to issue 663971 is definitely a step in the right direction (since Chromium 55, one had to navigate to devtools to show certificates) but incomplete still to provide full info about the certificate.
,
May 19 2017
You can hover over the link to view the issuer. For the time being, we have very limited space, and will not show the issuer inline. > Moreover when doing banking or such sentitive activities, it's important to see the cert is indeed a real cert (not a MITM cert, e.g. the self-signed cert installed by an antivirus product) that authentifies the website. Note that showing the leaf certificate issuer provides absolutely no protection against this. |
||
►
Sign in to add a comment |
||
Comment 1 by nhar...@chromium.org
, May 19 2017Labels: Team-Security-UX