Firefox 3 SSL certificate handling characterized as "scary"

One of the oft-touted improvements in Mozilla's Firefox 3.0 Web browser has been its improved handling for sites that authenticate their own identities using SSL certificates -- the kind used to initiate encrypted transactions with HTTPS protocol. For instance, a site whose authentication is verified will be indicated in Firefox's address bar by having its […]

One of the oft-touted improvements in Mozilla's Firefox 3.0 Web browser has been its improved handling for sites that authenticate their own identities using SSL certificates -- the kind used to initiate encrypted transactions with HTTPS protocol. For instance, a site whose authentication is verified will be indicated in Firefox's address bar by having its icon expanded to a full name, printed on a green background. Supposedly, this is to reassure the user that everything's copacetic.

But on the other end of the scale is the browser's handling of certificates it cannot validate, which in recent weeks, multiple users and developers alike have characterized with the word “scary.” Now, Firefox replaces the Web page with a full-screen warning, featuring a traffic-cop pictogram and explaining the problem in detail. The color scheme is yellow, not red (which Firefox reserves for such things as suspected phishing sites or scam practitioners). Still, developers are asking whether the level of alarms Firefox raises now are so intense that many users will actually choose to ignore them rather than pay attention to them.

Full Article