Ka-Ping Yee wrote:
1. As mentioned in my last message, a transient warning could
appear when the user is typing text into a form on an unencrypted
site.

_Any_ unencrypted site? I suggest that this would get irritating to the user pretty quickly.


2.  Currently, typing in password fields shows a bunch of stars to
    give the impression that what you type is secret.  Well, if we
    are really serious about the necessity of SSL for keeping passwords
    secret, then why should we give that impression when there's no
    encryption?  Suppose that, if there's no SSL, password fields
    *don't* blank out the text with stars -- they just behave like
    normal visible text fields.  That would be instant, unmistakable
    feedback, and i think it would be a pretty intuitive way to show
    that the password isn't being kept secret.

The stars are basically to prevent someone looking over your shoulder, which is a valid and worthy aim. We could replace them with little padlocks in the SSL case, perhaps. The more I think about that idea, the more I like it. But perhaps it has some drawbacks I haven't thought of.


Displaying the plaintext would be a security regression, IMO.

3.  Consider these three cases:
    (a) Unencrypted connection.
    (b) SSL connection with a self-signed certificate.
    (c) SSL connection with a certificate signed by a known CA.

    Of these three options, (a) is the riskiest context in which
    to submit an HTML form; (b) and (c) are safer.  (If you trust
    centralized CAs, then you might also believe that (c) is safer
    than (b).  I *don't* trust the CAs, but that is an issue for
    a separate thread.  In any case, i hope we can agree that (b)
    is still safer than (a).)

Well... you are safe from MITM attacks, but these are not common. You aren't any more safe from phishing, which _is_ common, than you are in scenario (a).


4.  What if the browser chose SSL by default first?  As in, when
    you type "paypal.com" in the location bar, the browser *first*
    tries https://paypal.com/.  If that fails, then it falls back
    to http://paypal.com/.  In a world where self-signed certificates
    aren't penalized with a big scary warning, this might go a long
    way toward encouraging more widespread use of SSL.

Unfortunately, due to virtual hosts, you might end up on a different website altogether.


See
https://www.gerv.net/
vs.
http://www.gerv.net/

Gerv
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
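
The virtual-host objection to point 4, as an added example that is not part of the original message: a constructed model of a shared-hosting box where plain HTTP selects a site by Host header but port 443 has a single site and certificate. The class, function names and host names are hypothetical, and the certificate-name check in `checked_https_first` is one possible safeguard assumed here, not something proposed in the thread.

```python
# Constructed model of a shared-hosting box; all host names are made up.
from dataclasses import dataclass
from typing import Optional


@dataclass
class SharedHost:
    http_vhosts: dict             # Host header -> site served over plain HTTP
    https_site: Optional[str]     # the single site answering on port 443, if any
    https_cert_names: tuple = ()  # names listed in that site's certificate

    def fetch(self, scheme, host):
        """Return the site that answers, or None if nothing listens."""
        if scheme == "https":
            # Assumption: one certificate and one site per IP:443, chosen
            # before the server knows which name the client asked for.
            return self.https_site
        return self.http_vhosts.get(host)


def naive_https_first(server, host):
    """Point 4 as stated: try https:// first, fall back to http://."""
    site = server.fetch("https", host)
    if site is not None:
        return ("https", site)
    return ("http", server.fetch("http", host))


def checked_https_first(server, host):
    """Keep the HTTPS answer only if the certificate names the typed host."""
    site = server.fetch("https", host)
    if site is not None and host in server.https_cert_names:
        return ("https", site)
    return ("http", server.fetch("http", host))


# Constructed sample: two sites share one address, only "shop" has HTTPS.
box = SharedHost(
    http_vhosts={"blog.example": "blog", "shop.example": "shop"},
    https_site="shop",
    https_cert_names=("shop.example",),
)

if __name__ == "__main__":
    for name in ("blog.example", "shop.example"):
        print(name, naive_https_first(box, name), checked_https_first(box, name))
```
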
