Let's suppose a web hosting company acquires an EV cert and provides for its clients some nifty re-write rule to let the site appear as EV verified, but the actual content is served in an iframe - from the client's regular SSL secured site. Which answer would you propose to your question below? Obviously this is only important if a distinction is made between EV and others... ;-)
-- 
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390

Gervase Markham wrote:
> As I'm not sure of the way the proposed implementation for EV indication
> works, I don't quite know who to address this question to. I'm hoping
> the right person is reading :-)
>
> At the moment, if a web page has some http and some https elements,
> Firefox (rightly) complains. You only get a lock, and a lack of
> warnings, if all of the page elements were served over https.
>
> Will whatever NSS or PSM flag is set to say "this page has an EV
> certificate" only be set if _all_ page elements are served from a server
> with such a certificate?
>
> Apparently, at the moment, IE displays the green bar if the top-level
> page is EV, and the rest is "normal" SSL.
>
> Gerv
> _______________________________________________
> dev-security mailing list
> dev-security@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security