[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
User interface to bad certificate warning -- how to use?
|
From: |
N. Jackson |
|
Subject: |
User interface to bad certificate warning -- how to use? |
|
Date: |
Sun, 31 Jan 2016 16:53:45 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.90 (gnu/linux) |
In the pre-release for Emacs 25 (25.0.90) I get a warning message when
Gnus tries to connect to my local Dovecot IMAP server. The warning
message correctly states that "The TLS connection to localhost:993 is
insecure ..." because I have a self-signed certificate (among other
problems with it).
I'm very happy that this functionality is now in Emacs.
My question is about how the user is intended to interact with this
warning, since there are several rather confusing things about it.
The warning is shown in a help window while simultaneously there is a
prompt displayed in the minibuffer:
Continue connecting? (No, Session only, Always)
Is the user intended to type in the full text of their choice or the
first letter or what? If the first letter, must it be capitalised as
shown? The prompt seems to disappear when _any_ key is pressed; for
example I tried to copy the prompt to the clipboard and it disappeared
when I started to select it -- I've no idea which of the three choices
it decided I had entered. This seems rather surprising behaviour for the
minibuffer.
After the prompt is gone, the help window remains but the buffer itself
is gone. This seems to be rather the opposite of what would be useful.
Wouldn't it be better if the buffer with the details about the
problematic certificate persisted and the help window was closed?
Furthermore, the information in the help buffer is in a confusing order:
Certificate information
Issued by: imap.example.com
Issued to: IMAP server
Hostname: imap.example.com
Public key: RSA, signature: RSA-SHA1
Protocol: TLS1.2, key: ECDHE-RSA, cipher: AES-128-GCM, mac: AEAD
Security level: Low
Valid: From 2013-09-07 to 2014-09-07
The TLS connection to localhost:993 is insecure for the following
reasons:
certificate signer was not found (self-signed)
certificate host does not match hostname
certificate has expired
the certificate was signed by an unknown and therefore untrusted authority
certificate could not be verified
Would it not be better if the statement of the problem "The TLS
connection ... is insecure" came first, and the detailed certificate
information came at the end.
I'm trying to understand why the interface is the way it is, and also
how the user is expected to interact with it.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- User interface to bad certificate warning -- how to use?,
N. Jackson <=