Hi Mike, beltzner wrote:
I'm glad to hear that! In a previous thread I made the suggestion and a proposal, instead of colored address bars, to provide to the user with much needed information in an easier way than today, mainly:Being able to talk about validated identity is indeed quite interesting, but advertising "get the green bar"[1], "go green"[2] or telling users that they are safe when they see a green URL bar all cause concern in my mind.
- Mouse over the padlock should display basic information found in the subject line.
- Click on the padlock should open the "Certificate Viewer".Today the situation is, that in order to get a clue about important details of the issued certificate one has to:
Right Click on the page -> View Page Info -> Select Security Tab -> Click View....in order to receive this information. This is not efficient and most casual users can't / don't know how to get there and what to expect! As mentioned in the earlier thread I suggest to improve the UI in such a way to give the user an easy way to make a judgment about the site. Obviously most CA's bother to include valuable information in the subject line concerning the level and type of the verification of the identity.
BTW, when clicking on Thunderbird on the lock/signature I receive the Certificate Viewer....why in Firefox this isn't the same behavior, is mysterious ;-)
And at last, it is obvious that the EV forum is a business plan and I certainly hope, that Mozilla doesn't lend a hand to it, specially since - despite the claim made at the "CA-Browser Forum" - this is a closed forum and organization! Until and once this has been corrected by this forum - of which Mozilla is part of after all!!! - I suggest not to provide the incentive of a green or whatever address bar!
Could you pop in a line at dev-security, once a discussion has started in one of the relevant mailing lists, so we could join that effort as well? Thanks!As for the future, I'm not sure that dev.security is the right place for discussions of the UI. It's the right place for discussions of the EV specification, for discussion of our plans to be able to detect, parse and make EV metadata available, but the front end design of how we surface that information is, IMO, a topic for dev.apps.firefox or dev.apps.whateverAppBuiltOnMozillaThatsUsingEV :)
[1]: VeriSign uses this slogan[2]: GlobalSign (http://www.globalsign.com/images/extended-validation-ssl.gif)
-- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
