Closed
Bug 348677
Opened 18 years ago
Closed 17 years ago
Identify extended validation (high assurance) https sites (maybe turn address bar green)
Categories
(Firefox :: Security, enhancement)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 383183
People
(Reporter: mozilla, Assigned: gerv)
References
()
Details
Attachments
(3 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 Internet Explorer 7 has a feature that identifies "extended validation" (also known as "high assurance") certificates, which have been more thoroughly vetted by certificate authorities than regular certificates. The exact way to integrate this information with Firefox's browser chrome may still be under debate, but it would be nice to recognize when an extended validation certificate is encountered and provide the user with some way to know that an extended validation site has occurred. On the "Security" tab of "Page Info" would be a good place to start. Reproducible: Always Steps to Reproduce: 1. Install Microsoft Testing Root Certificate Authority certificate (http://crypto.stanford.edu/~collinj/testingroot.cer) 3. Visit https://www.woodgrovebank.com/ Actual Results: Address bar turns yellow with lock icon. Nothing particularly unusual is shown if you click on the lock icon. Expected Results: Address bar turns green (maybe) and organization name (and possibly CA identity) from certificate is displayed. Or, if that's too radical of a change, at least show some information about the fact that extended validation is present when you click the lock icon. You can also get the Microsoft Testing Root Certificate Authority certificate here: http://www.microsoft.com/downloads/details.aspx?FamilyId=0742AE7E-6E7F-47D3-8327-E20D94AF2794&displaylang=en If you install it using that tool, you'll need to export it to Firefox using the certificates snap-in in the Microsoft Management Console (C:\WINDOWS\system32\mmc.exe). More information about extended validation certificates: http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx
Comment 1•18 years ago
|
||
I think we've got this one somewhere already. We probably aren't going to turn the address bar green, but the actual UI plan has yet to be finalized.
Assignee: nobody → gerv
Reporter | ||
Updated•18 years ago
|
Summary: Turn address bar green for extended validation (high assurance) https sites → Identify extended validation (high assurance) https sites (maybe turn address bar green)
Assignee | ||
Comment 2•18 years ago
|
||
I don't think this bug is a duplicate. The exact UI will depend on a lot of things - not least of which is whether we just expose this as-is, or we incorporate the information into some greater "site trust" metric which uses other data sources to help make the decision. I know some people favour that idea. Gerv
Comment 3•18 years ago
|
||
Reported here : <http://www.theregister.co.uk/2006/10/25/verisign_extended_validation/>. Mostly FUD obviously. Is there a NSS bug for extended validation SSL ?
Comment 4•18 years ago
|
||
More information on EV SSL at http://www.cabforum.org/. EV capabilities (i.e., the "green bar" and "enhanced security report") are expected to be turned on in IE7 by February 2007, and Opera has expressed its intention to add EV "when it's ready" (see http://labs.opera.com/news/2006/10/09/). EV-approved CAs (ie CAs who have passed the WebTrust for CA's EV readiness audit for complaince with the EV Guidelines) have begun pre-selling the EV certs.
Updated•18 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 5•17 years ago
|
||
Updated•17 years ago
|
OS: Windows XP → All
Hardware: PC → All
Version: unspecified → Trunk
Comment 6•17 years ago
|
||
For people with red-green color blindness (~20% of caucasian males), there is effectively NO DIFFERENCE between the green and yellow colors shown in the attached sample image, except when spatially juxtaposed. A difference can be seen when the two colors are juxtaposed, but the two are indistinguishable when seen separately from the other. To be differentiable when not juxtaposed, two colors must differ significantly from each other in luminance, or be rather highly saturated and differ significantly in hue (e.g. at least 30 degrees). Let me suggest #F6F87C and #6EDC6E for more obviously different yellow and green values.
Comment 7•17 years ago
|
||
Comment 8•17 years ago
|
||
Updated•17 years ago
|
Attachment #259216 -
Attachment description: green vs. yellow / entire urlbar vs. security bar only → light green vs. light yellow / entire urlbar vs. security bar only (plus IE7 & Opera solutions)
Comment 9•17 years ago
|
||
Implemented the IE functionality via an add-on: https://addons.mozilla.org/en-US/firefox/addon/4828 It would be easy enough to change the colour in the add-on CSS.
Comment 10•17 years ago
|
||
On what platforms does this extension work? Vista? WinXP? Mac OS/X? Linux?
Comment 11•17 years ago
|
||
(In reply to comment #10) > On what platforms does this extension work? Vista? WinXP? Mac OS/X? Linux? All.
Comment 12•17 years ago
|
||
This feature is now a FF3 PRD line item (SPI-001b) being tracked in bug 383183. Some of these mockups are pretty sharp, I'd be interested to get impressions of the current test extension over in bug 383183.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•