On 9/20/14, 2:35 PM, Eric Mill wrote:
Spitting out dev console warnings is certainly a step forward. I'm not sure
how the new dev console and Firebug interact, but I assume these added
warnings would also show up in Firebug.
I've noted to make sure the warnings show up in Firebug too.
https://bugzilla.mozilla.org/show_bug.cgi?id=1068949#c1
Another idea, also only visible to those poking about -- what about adding
additional text to the box that pops up when you click the lock? Chrome
does this for sites not implementing Certificate Transparency, for instance
("...but does not have public audit records.")
That's possible. Still needs investigation, discussion, UX input...
It'd also be nice if Mozilla joined Google in finding a way to surface an
indicator to more than those poking about.
Understood.
Note that, after January 1, 2016, we do plan to show the "Untrusted
Connection" error whenever a newly issued SHA-1 certificate is
encountered in Firefox.
And, as previously stated, After January 1, 2017, we plan to show the
"Untrusted Connection" error whenever a SHA-1 certificate is encountered
in Firefox.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
