Closed Bug 1572936 Opened 5 years ago Closed 5 years ago

Move EV cert UI out of URL Bar


(Firefox :: Site Identity, enhancement, P1)




Firefox 70
Tracking Status
relnote-firefox --- 70+
firefox70 --- fixed


(Reporter: hanno, Assigned: johannh)


(Blocks 1 open bug)


(Keywords: parity-chrome, parity-safari)


(1 file)

Extended Validation certificates are shown in Firefox with a special green bar in front of the address with the company name.

There's been extensive discusison in the security community about the usefulness of EV certificates. Chrome developers recently announced plans to change the indicator and move the EV information to the Page Info UI [1].

I believe Firefox should consider similar changes. Here's why:

  1. There's little evidence that EV has any usefulness in terms of security and that users understand what it's trying to communicate.

  2. The general trend in HTTPS UI has been to move away from positive security indicators and instead consider security the norm and show negative indications for insecurity. Removing special treatment for EV certificate would fall in line with that thinking.


Closed: 5 years ago
Component: Address Bar → Site Identity and Permission Panels
Resolution: --- → DUPLICATE

I have seen bug #1572389, but this isn't a duplicate. That bug asks for an option to remove the EV indicator, I'm proposing to remove it (or make it the default).
The first is more a technical issue, while this is asking to consider the justification for the existence of this indicator.

Resolution: DUPLICATE → ---

oops I think I filed a duplicate, I had trouble finding this

See Also: → 1218153

For disabling EV indicators by default, I did a try run and it looks to me like we don't test this UI feature? Maybe just the wrong set of tests?

Flags: needinfo?(jhofmann)

Yup, intent to ship is going out soon, we're just a few days behind the Chrome announcement because weekends :)

(In reply to Tom Schuster [:evilpie] from comment #5)

For disabling EV indicators by default, I did a try run and it looks to me like we don't test this UI feature? Maybe just the wrong set of tests?

There's a functional-ui test failing, but I don't see any mochitest-bc, which is surprising. I'll look into it.

I'll take this bug, if you don't mind :)

Assignee: nobody → jhofmann
Flags: needinfo?(jhofmann)
Priority: -- → P1
Summary: Consider removing EV / Extended Validation indicator for HTTPS certificates → Move EV cert UI out of URL Bar
Depends on: 1572389

Apparently this didn't have any tests other than the ones in functional-ui (of which one is disabled),
but adding new ones for EV at the point where it's being disabled and eventually removed doesn't
really make sense to me.

Pushed by
Flip `security.identityblock.show_extended_validation` to false to hide the ev indicators in the identity block. r=Gijs,whimboo
Closed: 5 years ago5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 70
Blocks: 1218153
See Also: 1218153

Added to release notes for 70 as "The Extended Validation (EV) indicator has been moved to the identity popup that appears when clicking the lock icon" under a heading with a link to

Blocks: 1588415
Blocks: 1599729
Regressions: 1700334
See Also: → 1700334
You need to log in before you can comment on or make changes to this bug.