Gervase Markham wrote:
HJ wrote:
I have a Yahoo e-mail account, and that uses SSL for logins.
Are you talking about the free Yahoo webmail or paid Yahoo e-mail
accounts?
This was Dan's example; and I think he meant the login page was
unencrypted but submitted to an encrypted target. Amazon does this also,
I've noticed.
Yep, correct, which is probably done to save server resources.
2) We need a way to brand every browser window so that it can't be
confused with an OS window. Just the status bar - a featureless grey
blob - doesn't really do that. Having the domain makes it clear.
There is, or should be, (for now) that Mozilla Firefox icon (at least
on Windows) at the upper left corner of the window (I don't have a
clue what the official for it is).
Hmm, well, maybe. It's not really enough, though.
Fair enough, but it might help, at least for now.
ps s/official/official name
Gerv
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security