On Thursday, July 18, 2019 at 12:42:00 PM UTC-7, Matthew Hardeman wrote: > Regarding indicators, I agree that it should be more apparent. Perhaps a > dedicated bar that occupies an entire edge-to-edge horizontal area. > > I would propose that it might have two distinct messages, as well: > > 1. A message that an explicitly known MiTM certificate exists in the > certificate chain being relied upon. This would allow for explicit warning > about known MiTM infrastructures and would allow tailoring any "more info" > resource to explicitly call out that it is known that interception is being > performed. > > 2. A message that indicates that a non-standard certificate chain is being > presented, which might mean corporate interception, private websites within > an organization, etc, etc. > > On Thu, Jul 18, 2019 at 2:11 PM Andrew via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > I agree a persistent indicator is a good idea. From what I understand > > Firefox does already have an indicator hidden in the site information box > > that appears when you click the lock icon in the address bar ( > > https://bugzilla.mozilla.org/show_bug.cgi?id=1549605 ). This should be > > more visible in my opinion. Maybe add an asterisk next to the lock icon or > > something. > > > >
I like the idea of a non-closable banner below the URL simply stating "Kazakhstan is spying on you, learn more here <link to more info>". _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
