[BvdB]

Hi,
by clicking on a website's favicon (left to the URL) Firefox3 provides a window with site information, one of which is the "Owner:" field.
But on my and various well-known sites I only see the comment:
"This web site does not supply identity information."

So how should a server admin provide this information?

Thanks for hints!
// BvdB

[SK]

Moving to Firefox Builds.

[Max Karl Ernst]

Yeah, UI has to see some more work done
I think "indentity information..." is bad wording and that's what gets people confused.

It would should be something like "Identity of this site is not confirmed by authoritative source".

So, in your case it really means you should get a certificate if you need your identity confirmed, and you probably don't really need that

[Cyberkilla]

Yes, is this read from metatags? Or do you HAVE to have to by using https?

[chob]

I don't know if something's being lost in translation, or if the strings have changed, but for ordinary websites Larry will say something like:

"This web site does not supply identify information. Your connection to this web site is not encrypted."

If you get a proper SSL certificate for the site, Larry should say:

You are connected to
< website address >
Which is run by
(unknown)

If you want the "Which is run by" to read something other than "(unknown)" then you need an EV SSL certificate, and they cost a lot of cash.

[Cyberkilla]

I don't often use SSL, because I run a game, and the overhead of encryption just isn't required.

[BvdB]

... Larry will say something like:
"Your connection to this web site is not encrypted."

Yes, this seems to be the logic.
Precisely, it is the "Organisation" field of the Cert that is presented as "Owner" here.
As I left this field empty in my Cert - my company is already in the name - it now says that even my https-Site has "no owner".

Furthermore, "Connection not encrypted" is already written under "technical details".

Sorry folks, but there is some over-doing going on here, and I propose to think about and change this logic.

[Ted Mielczarek]

This has been discussed to death. Compare:
http://www.mozilla.org/ - no SSL
https://bugzilla.mozilla.org/ - DV SSL cert
https://www.sierranevada.com/ - EV SSL cert

That's really all there is to it.

[BvdB]

Yes, discussed to death of logic, it seems.

[Morris Stuart]

Yes, discussed to death of logic, it seems.

Just because you don't understand the difference between a regular SSL cert and a EV SSL cert does not mean other people are illogical.

A normal SSL cert can never prove identity (anyone can fill in anything in the owner field in a SSL cert), it can only verify the cert belongs to that domain, not who owns that domain. So, when using a regular SSL cert it will always state that the owner is not verified because verification does not happen with normal SSL certs.

EV certs do require a lot of extra verification to check that the person who registered xyzbank.com is indeed XyzBank and not someone else. This extra verification makes them more costly and time consuming to register as well.

[BvdB]

The relation between "Organization" field here and "Owner" there is not what I consider illogical.

What I do consider illogical is the way that this information is presented: The sentence "This web site does not supply identity information." does not give a clue that one can never expect this kind of "identity information" on a http domain. It looks like a shortcoming of the domain which is misleading.

So the correct solution would be to omit the "Owner" field for http domains and write "Organization: ..." in the case of https.

If there was a thorough discussion on this and what we see is the result - then the discussion could not have been based on logic reasoning.

[rosemarydesigns]

I agree that this is a matter of customer relations, not coding. The current message is misleading about what is going on and that http sites are not expected to provide this kind of website ID info. Sloppy at best. I hope it gets fixed soon.

[rlktemp]

The message "This website does not supply identity information" would cause the average user to think they may be on a dangerous website. This is very bad wording and should be changed immediately. Note that that message is displayed for this very forum, and yahoo, and google, and just about any http website. So it seems to me that the text needs to be immediately changed to perhaps display the the meta name description from the website. And, if it is an https website, perhaps some clear message about the level of security being provided. Seems to me that would make more sense. Otherwise either average users will get scared to visit legitimate websites, or they will quickly realize that the message is meaningless and ignore it, leading to ignoring ANY message that may be of value.
RK

[teoli2003]

But this site (or yahoo, or google) does not supply any real identity information...

You have no guarantee to really be on their site and that your DNS wasn't hijacked.

[BvdB]

Yes, but this site (and Yahoo, Google) do not supply fresh water as well - so why don't we send a warning?:
This website does not supply fresh water.