On Fri, 16 Feb 2018 08:15:10 -0800
> Given this group focused on Mozilla, it is likely out of scope to > discuss Chromium design. I do suggest you look at > https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html > It seems reasonably clear the marking is per top level page load. > This is very similar to the UI for Firefox which shows the lock (and > EV info) per top level page load. "helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. not secure example.com webpage not secured example.com - may be better? To me it seems to be saying that the domain is "not secure" which is incorrect. The page is "not secured" and the domain may be more secure than another labelled secure (not not secure). If the goal is to move everyone to https in fear of their sites looking insecure rather than inform the user then I understand. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
