When you logout, it incorrectly reports that now you are using an anonymous certificate
testing with demo.bitmask.net and riseup.net:
- login
- connect
- logout
- it then reports you are now using anon cert, but you are still connected with the authenticated cert.
In the case of riseup.net, which doesn't support anonymous certs, it should not have any additional message. Logging out has no effect, really. It is just that you will need to login again in another month to get the cert renewal.
In the case of demo.bitmask.net, i think we have a usability problem with the distinction between anonymous and authenticated certificates. The message is incorrect, but I am not sure what message should be. Technically, the way it works now, this would be correct "You are currently connected with an authenticated certificate, but now you have logged out. The next time you try to connect, it will still use this authenticated certificate until such time as this certificate expires. Then you will be asked to login again, or you can choose to to select an anonymous certificate at that time."
Impossibly complicated!
So, I think the proper thing to do here is this:
- When you logout, don't give the user any message about anonymous certificates. It is misleading. -* When you login, always use the authenticated certificate if present. We should allow the user to switch to anon cert, perhaps by switching providers and selecting the same provider again.- #5820 (closed) -* It should ask you again if you want to login or go anonymous when the certificate for the currently selected provider has expired. I think it does this now, yes?- #5821 (closed)
(from redmine: created on 2014-06-23, closed on 2014-06-24)
- Relations:
- relates #5821 (closed)
- relates #5820 (closed)