How to supply "web site identity information" - as

[Tolien]

On an HTTPS site (like Bugzilla), I see "Verified by: Equifax" on hovering the site button. Clicking the button gives me "You are connected to mozilla.org which is run by (unknown). Verified by: Equifax. Your connection to this website is encrypted to prevent eavesdropping".

[BvdB]

Seems the poster on the bugzilla thread has a different experience (with his site). Why don't you ask him?
Maybe we could all switch over to "Equifax" ...

[Tolien]

I don't get the "no identify information" thing for a self-signed cert either.

The Equifax part will be the CA for the Bugzilla cert...

[BvdB]

Me too, I have a (free) startcom cert and get a message "Verfied by Startcom".
So maybe the poster on bugzilla made a mistake?
Anyhow, let's not get confused - the warning on a http site is the issue here - and it remains.

[beezer1]

I'm a new comer to this issue of whether or not the wording should be changed in either the hovering message or after you click on the favicon. I came upon this topic because I was creating a website and wanted to add a favicon. I did add the favicon then I was confused as to how I could provide identity information for my website.

Now why would I have thought that I could provide this information in the first place? The answer is simple: Firefox makes a statement that would lead you to believe a web server using http could provide such information.

As for what average users likely conclude when they read such a message as "This website does not provide identity information .... Your connection to this website is not encrypted" I can almost certainly promise this would cause unease among most people for I am not the average user and it mislead me until I looked further into it.

But when a user asks Firefox, using parts of our User Interface devoted to identity information, about an http site, we will absolutely continue to tell them that the site doesn't supply that information. Not that we couldn't verify it, there was simply nothing to supplied for us to verify.

This sounds like a political issue. It's true I'm a cynical man but I read that as "We don't want people to think we are weak" so instead the "weakness" gets passed off to the poor little http website. Why not make it neutral by saying something like "It's not possible for this website to provide identity information". It doesn't make sense to criticize a website for not providing a service that it can't provide. It's true that you can come up with just about any ridiculous analogy to display this point: ie. An brand of umbrella will not protect you against a commet. That is a true statement, however, it is irrelevant and makes the poor umbrella manufacturer look bad. The purpose of an umbrella is not to protect against a comet, in fact it's not even possible. Instead just say it's not possible for umbrella's to perform that function. It is more neutral that way. It removes confusion for the average user and it removes confusion for the average developer.

--- Edit---
Furthermore upon clicking the "more information" button after reading the message you find yourself in the security tab. The message might not use language saying you are directly in harms way but it doesn't take much to come to that conclusion. There is a sense that on this particular website my security is at risk. It might be true but the fact is nothing can be done about it so don't place blame.

[hairboy]

At the risk of getting called a Noob.....

I've been a web developer (involved largely in coding, generally not server-related details) for a long time, and also running my own internet game. I've recently upgraded to FF3 and found the message about identity information on my own site.

I was instantly concerned, and found this thread via googling "website identity information". I honestly thought that it was a deficiency on my part, something that I hadn't correctly configured and that the latest FF3 was helping me identify my own oversight.

So, although this thread (like many) seems to have gotten bogged down with whos attitudes are deficient, it must be said, and said loudly
"THE CURRENT MESSAGE REGARDING NOT SUPPLYING IDENTITY INFORMATION IS CONFUSING AND MISLEADING TO ALL THAT DO NOT UNDERSTAND THE MECHANICS OF AN INTERNET CONNECTION!"

I'd certainly consider myself a more-than-competent programmer, and the current message had me thinking there was a deficiency with *my own website*! I hate to think how many other casual browsers have been averse to registering or signing up to a site based on that message/warning. It needs to be changed, or hidden deeper into the "options/preferences". Or even better, simply not displayed for ANY HTTP site.

[freedom09]

Most of you people don't see what is actually happening here,if we allow this to happen then after a short while other browsers will implement this procedure.

Then governments in certain countrys will make it a legal requirement to have such information entered,which will take us further into the "big brother" state/era.

I totally hate mozilla for selling out like this,as soon as they start getting bigger market shares they start implementing big brother tools like this.

There are already people lobbying for such procedure to implemented on a legal level in certain countries.

I may actually have to uninstall firefox.

[RaiseMachine]

Seemingly a number of people joining on the same day as they made their one and only post...

The easiest solution would be to join both sentences thus: "This website does not supply identity information because your connection to this website is not encrypted."

Page Info dialog - Owner: could be "Information not supplied." Verified by: would be "Not verified."
Any other info needed on this dialog can go under Technical Details at the bottom as is currently the case.

Pretty simple huh?

Folks, everyone who is interested in this issue please subscribe the bugzilla thread.
https://bugzilla.mozilla.org/show_bug.cgi?id=465584

Do not do that as it will not help and you will certainly get your bugzilla account killed. Read bugzilla's etiquette rules. The bug has been marked VERIFIED WONTFIX and that is all there is to it.

This is the bug to follow: https://bugzilla.mozilla.org/show_bug.cgi?id=429021

Do not post anything to this bug, a patch has been submitted and is waiting on the review process. And no I don't know how long that's going to take.

All that needs to be done on this issue had been done as per the above bug.

[SK.]

As a moderator, I would like to echo RaiseMachine's thoughts. Let's mind the rules, shall we?

[BvdB]

RaiseMachine, thanks for updating us on the more-relevant mozilla-bugid.

The reason why I posted the bugzilla URL was because someone had proposed to me to open a thread there, so that's what I did - and I posted the URL so that people can follow the discussion. The bug was then later closed by someone from Mozilla (and no one mentioned the older bug id above). Just look at the respective timestamps and everything will become clear.

Any ideas of the kind "getting ones account killed", "violation of etiquette" or "not minding the rules" seem to be just the ghosts of the people who called them ...

[Frank Lion]

Most of you people don't see what is actually happening here,if we allow this to happen then after a short while other browsers will implement this procedure.

Then governments in certain countrys will make it a legal requirement to have such information entered,which will take us further into the "big brother" state/era.

I totally hate mozilla for selling out like this,as soon as they start getting bigger market shares they start implementing big brother tools like this.

There are already people lobbying for such procedure to implemented on a legal level in certain countries.

I may actually have to uninstall firefox.

You write all this because of the 'this website doesn't supply identity information' is shown when you click on the urlbar favicon of most sites?

Do get a grip, already.

[RaiseMachine]

Any ideas of the kind "getting ones account killed", "violation of etiquette" or "not minding the rules" seem to be just the ghosts of the people who called them ...

Maybe we can build up some momentum to change the status from VERIFIED WONTFIX to something else ...

Do not do that as it will not help and you will certainly get your bugzilla account killed. Read bugzilla's etiquette rules. The bug has been marked VERIFIED WONTFIX and that is all there is to it.

There's a number of faux pas you can commit when using Bugzilla. At the very least, these will make Mozilla contributors upset at you; if committed enough times they will cause those contributors to demand the disabling of your Bugzilla account. So, ignore this advice at your peril.

https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

[BvdB]

RaiseMachine, "build up some momentum" is to be translated into "convince people that it is wrong" (by blogging etc), not by flooding bugzilla. The changing of the status should be done by the people who are involved there, of course.
So, release your ghosts, please.

[RaiseMachine]

So, release your ghosts, please.

Do you see what I mean when I say that your attitude does not sound like you are interested in understanding the current state of affairs or making meaningful contributions to its improvement? These snide comments diminish your arguments and make me really reluctant to involve myself in the conversation at all.

(by blogging etc)

The dev's aren't going to read blogs either, other than each others.

All that needs to be done on this issue had been done as per the above bug.

[BvdB]

This is a public forum and, being the thread starter, I invite anybody who wants to express his thoughts about the "web site identity information" and related topics on the Mozilla open source browsers - to do it here.