Targets & Text for PSM 2.0 UI Elements

Newsgroup: mozilla.dev.tech.crypto
Writer: SeanCotter
Manager: BobLord

This document attempts to list every window or Preferences panel related to PSM 2.0, targets for corresponding help buttons, and notes re UI textand other issues. I will also be usinge it to track implementation of eachelement and its help button and context-sensitive help text. Unless otherwise indicated, each row corresponds to a potential help button thatwill bring up relevant help text in the new Mozilla help system.

If a bug number is given under New or Revised UI Text, the bug is themost current record of requested changes. Otherwise, notes are based onthe UI mockups.

UI element names in boldface are those for which a mockup already exists. For current mockups, see PSM2.0 UI

Certificate Manager
Other Certificate Windows
Privacy and Security Preferences
Page Info Windows

Certificate Manager

For View button and related text, see Other CertificateWindows below.
 

Tab/
Element/
Window title
Help Button Target New or Revised UI Text Comments/Issues
Your Certificates/
main panel/
Certificate Manager
?my_certs see bug #s 76736 and 77009   

change text under tabs as follows:

You have these certificates that identify you:
change "Token Name" to "Security Device"

change "PSM Certificate Database" to "Software Security Device"

 

Add "Obtain new . . ." button?

 

Your Certificates/
Backup button/
Choose Certificate Backup Password
?cert_backup_pwd see bug # 76736

Change window title to "Choose Certificate BackupPassword"

new text:

The certificate backup password you set here protects the backupfile that you are about to create. You must set this passwordto proceedwith the backup.

Certificate backup password:
Certificate backup password (again):

 

Your Certificates/
dialog from glue code that requests a password/
Password
no help button? see bug # 76736

current text:

Please enter the Personal Security Password for the PSM Certificate Database security device.

new text: 

Please enter the master password for the <name of token>security device.
e.g.: Please enter the master password for the software security device.
For the internal token, <nameof token> should read: "software".Help will explain that "software security device" is the default securitydevice provided by the browser.

For other tokens, <name of token> is the name reported by the token.
 

Your Certificates/
Backup All button/
Choose Certificate Backup Password
?cert_backup_pwd see bug # 76736

new text: 

The certificate backup password you set here protects  the backup file that you are about to create. You must set this passwordto proceed  with the backup.
Certificate backup password:
Certificate backup password (again): 
Text in Backup All dialog is now identical to text in Backupdialog.

  This Backup All text from the top of the PSM 1.4 Backup All dialogis nolonger necessary:

You are backing up multiple certificates and privatekeys atonce. Versions of Communicator earlier than 4.71 thatdon't havePersonalSecurityManager installed will not be able to restorethe fileyou are creating.
Your Certificates/
Restore button/
File Name to Restore
no help button no text changes no help for this standard file dialog.
Your Certificates/
Delete button/
Delete My Certificates 
?delete_my_certs new text:
Are you sure you want to delete these certificates?

[list of certs similar to Cert Mgr?]

After you delete a certificate, you can no longer use it to identifyyourself. 


not implemented as of 4/19/2001 
Your Certificates/
Change Password button/
Change Master Password
?change_pwd in pop-up menu, name of internal security device shouldbe "software security device"

shorten labels for new password fields to these:

New password:
New password (again):

not implemented as of 4/19/2001
Other People's/
main panel/
?others_certs see bug # 77009
This paneland related windows will beimplemented later. 

No help section for PSM 2.0.
 

Other People's/
Edit button/
Edit Certificate Settings
?edit_others_certs
 
No help section for PSM2.0.
Other People's/
Delete button/
Delete Certificate dialog
?delete_others_certs
No help section for PSM2.0.
Other People's/
Add button
?add_others_certs
No help section for PSM2.0.
Web Sites/
main panel
?web_certs see bug # 77009 
Web Sites/
Edit button/
Edit Certificate Settings dialog
?edit_web_certs see bug # 77432

new text:

This certificate:  [hostname from cert]
was issued by: [name of issuer]

Because you do not trust the certificate authority that issued thiscertificate, you do not trust the authenticity of this certificate unlessotherwise indicated here.

Edit certificate trust settings:
x  Trust the authenticity of this certificate.
x  Do not trust the authenticity of this certificate.

[Edit button] Edit certificate authority trust settings.

ill this UI be changing,e.g.to show cert chain graphically?

not implemented as of 4/19/2001

Web Sites/
Delete button/
Delete Certificate dialog
?delete_web_certs new text:
Are you sure you want to delete these web site certificates?

[list of certs similar to Cert Mgr maini panel?]

If you delete a web site certificate, you will be asked to accept itagain the next time you visit the web site.

not implemented as of 4/19/2001
Authorities/
main panel
?ca_certs see bug # 77009 
Netcenter capabilities won't be in firstrelease.

When they are, text should read like this:

Allow Netscape to update your CAs automatically from Netcenter


 

Authorities/
Edit button/
Edit Certificate Settings dialog
?edit_ca_certs new text:
This certificate:

[name of cert]

represents a certificate authority.

Edit trust settings:
x   This certificate can identify web sites.
x   This certificate can identify mail users.
x   This certificate can identify software makers.

Click Help to learn about changing certificate authority trust settings.


Authorities/
Policy button/Certificate Authority Policy dialog
?policy_ca_certs new text:
No policy information found.
 
This relies to a cert field that apparently isn't used inmost certs.

Not yet clear if help is needed or not.
 

Authorities/
Delete button/
Delete Certificate
?delete_ca_certs new text:
Are you sure you want todelete these CA certificates?

[list of certs similar to Cert Mgr main panel?]

Click help to learn about the potentially serious implications of deletinga CA certificate.

not implemented as of 4/19/2001
Security Devices/main panel ?sec_devices list internal PSM token as "Software Security Device"

list internal crypto service token as "Default Crypto Services

list root CA token as "Default CAs Security Device"
not implemented as of 4/19/2001









Other Certificate Windows

This list includes the View window (identical for all Certificate Manager tabs) and other certificate-related windows displayed by PSM.
 
 

Window Title Help Button Target New or revised UI text Comments/Issues
View button/ Certificate Detail: <subject name> ?cert_details New text at top:
These organizations vouch for this certificate:
This dialog is identical for each tab.

layout issues TBD--text depends on presentation; unresolved issues includethe following:
- will this window indicate whether the cert has been verified or not,asin PSM 1.4? 
- how will this window handle situations where an  issuer's certfor an issuer displayedin the chain can't be found?
- how much to show here vs. a "View More Info" window that shows complete pretty print,like 1.4.
- what happens when multiple certs are selected and you click "View"?

Here's an example of the View dialog from PSM 1.4 (for a web site certificate):

Choose Security Device ?which_token New text for remaining cert windows to come appears when more than one token is available.

To test: Need machine w/ working smart card

Encryption Key Copy ?priv_key_copy
appears when a private encryption key is about to be copied,e.g. for storage in CMS Data Recovery Manager 
SecurityCertificate Backup ?backup_your_cert
appears when JavaScript flag is set to remind user to backupcert right after cert isissued 
Generating Certificate Request

appears during keygen--no help button
SecurityCertificate Installed

appears after successful cert issuance - no help button
User Identification Request ?which_cert
appears when server requires client auth and more than onecert is available
No Acceptable Identification ?no_cert note to Sean: need to add help section for this appears when client auth is required and no acceptable certis available
Choose Security Certificate
(PSM 1.4 only, not necessary in 2.0)


appears when one more than one cert is available underonecert name. Radio buttons allow you to select one.

Should not be necessary in PSM 2.0, since nicknames will be invisibletouser.Each cert listed separately.

Certificate Renewal

Appears when PSM detects that a cert is about to expire.Allows users to choose between renewingnow and getting reminded later.

No help section for PSM2.0.

New Certificate Authority ?new_ca New text:
 
You have been asked to trust a new certificate authority (CA).

Do you want to trust <CA name>  for the following purposes?

x Trust this CA ti identify web sites.
x Trust this CA to identify email users
x Trust this CA to identify software developers.

Before trusting this CA for any purpose, you should examine its certificateand its policy and procedures (if available).

<View> Examine CA certificate
<Policy> Examine CA policies and procedures 

<OK> <Cancel> <Help>

The proposed text at left attempts to consolidate two windowsused previously. Here are the equivalent windows from PSM1.4:


The original PSM 1.0 spec includes this note: "Nickname is set toCN bydefault. If this nickname is already taken,then pop up NEWROOT3."The thirdwindow asks the user to specify a nickname. Is this relevant forPSM 2.0?

New RootCA/NewRoot2

not needed in PSM 2.0?
New RootCA/NewRoot3

not needed in PSM 2.0?
New Web Site Certificate ?new_web_cert new text
 
<hostname> is a web site that uses a certificate to identifyitself. Netscape does not recognize the certificate authority that issuedthis web site's certificate.

You can choose to accept the certificate anyway as identification forthis web site:

r Accept this certificate permanently

r Accept this certificate temporarily for this session

r Do not acceptthiscertificate

To make sure you knowwhat you're accepting, click View.

<View> Examine web site certificate

<OK> <Cancel> <Help>

The proposed text at left attempts to consolidate two windowsused previously. Here are the equivalent windows from PSM 1.4:
New Web Site Certificate: Step 2
 
not needed in PSM 2.0?
Expired Web Site Certificate ?exp_web_cert newtext:
<hostname> is a site that uses a certificate to encryptdataduring transmission, but its certificate expired on <date>.

You should check to make sure that you computer's time (current setto <date&time>) is correct.

x Accept this certificate anyway for this session.

<View> View web site certificate

<OK> <Cancel> <Help>

appears when browser encounters a server whose cert hasexpired.

Equivalent window frpm PSM 1.4:

Web SiteCertificate Not Yet Valid ?not_yet_web_cert new text:
<hostname> is a site that uses a certificate to encryptdataduring transmission, but its certificate is not valid until <date>.

You should check to make sure that you computer's time (current setto <date&time>) is correct.

x Acceptthis certificate anyway for this session.

<View> View web site certificate

  <OK> <Cancel> <Help>

appears when browser encounters a server whose certhas expired

Equivalent window from PSM 1.4: 

Unexpected Certificate Name ?bad_name_web_cert new text:
You have attempted to establish a connection with <hostname>.However, the certificate presented belongs to the web site <hostname>. It is possible, though unlikely, that someone may be trying to interceptyour communication with this web site. 

If you suspect the certificate available below does not belong to knox.mcom.com,pleasecancel the connection and notify the site administrator.
 

<View> View web site certificate

<Continue Anyway>  <Cancel Connection> <Help>

appears when browser encounters a server whose cert's commonname doesn't match host name in URL

Equivalent window in PSM 1.4:

Request for Signature

appears when web form requires signature

No help section for PSM 2.0.

Import IECerts request

appears on Windows when PSM detects certs in registry, togive user a chance to imprt them. Includes a "Don't ask me this again"option.

No help section for PSM 2.0.


 

Privacy and Security Preferences



Panel/
Panel description
Help Button Target Changes to UI text shown in mockups Comments
Privacy and Security/
Settings for General Security
?sec_gen Change text under Manage Certificates as follows:
Use the Certificate Manager to manage certificates and securitydevices.
 

SSL/
Settings for SSL
?ssl_prefs Change text under SSL Warnings as follows, starting withsecond checkbox:
x Sending form data from an unencrypted page to an unencryptedpage

x Sendingform data from an encrypted page to an unencrypted page 

x Redirection from one encrypted page to another

x Redirection from an encrypted page to an unencrypted page

Under Client Certificate Selection:
  • change "Netscape" to "the browser"
  • change "security certificate" to "certificate 
  • change "Select Manually" to "Ask Every Time"
"secure"and "insecure" too vague?

Text for first and last checkboxes is OK.

"Select Manually" suggests that Netscape itself isstill doing the selecting,which is confusing.

 

SecureMail/
Settings for Secure Mail

Change heading to "Signed & Encrypted Mail"?

 

"Secure Mail" is bad.

Signed & Encrypted Mail? 

No help sectionfor PSM 2.0.

Validation/
Settings for OCSP
?validation_prefs Change mainheading  "OCSP Validation" to "Validation"for consistency with namein left panel.

Change box heading "Validation" to "OCSP Validation".

Change first two sentences to read like this: 

You can use the Online Certificate Status Protocol (OCSP) toverify certificates. Set OCSP usage as follows:
Changes assume that we shouldn't use term  "Netscape"to refer to browser.
Passwords ?passwords_prefs No changes.




Page Info Windows



Messages in Page Info/Security Target Changes to UI text shown in mockups Comments
Identity Not Verified—Connection Not Encrypted ?nover_noencrypt

Identity Verified—Connection Encrypted ?ver_encrypt

Identity Conditionally Verified—Connection Encrypted ?conver_encrypt

Identity Verified—Connection Not Encrypted ?ver_noencrypt

Identity Conditionally Verified—Connection Not Encrypted ?conver_noencrypt