47620 - Security padlock doesn't change until secure page loading completes

Status: VERIFIED FIXED

(Core Graveyard :: Security: UI, defect, P3)

Description

[Adam Lock]

When I load the above URL, the status padlock doesn't change to "Signed by 
Verisign Trust Network" until the entire page (including graphics) has loaded. 
This can take 20 seconds or so on a dialup link.

In 4.x, the security padlock turns yellow immediately after downloading begins.

Comment 1

[Mitchell Stoltz (not reading bugmail)]

->Crypto for PSM UI issues. 

Comment 2

[David P. Drinan]

Setting target milestone to future.

Comment 3

[John G. Myers]

Until the entire page has loaded, the user is not necessarily seeing what the 
site intended.  This could be considered INVALID.

Comment 4

[John Unruh]

I agree with jgmyers. Invalid.

Comment 5

[John Unruh]

Verified invalid.

Comment 6

[Mike Pinkerton (not reading bugmail)]

4.x sets the lock icon immediately -- are you saying 4.x is broken?

This is _very_ disconcerting to users since they very easily think (as I did)
that the document was not secure and get very very scared.

Comment 7

[John Unruh]

ccing people, and opening for discussion.

Comment 8

[Jim Roskind]

It looks like the icon switches instantly to "unlocked" as you begin *any*
transition (even SSL to SSL site), and only switches back to "locked" when it is
sure the page has no mixed content (combo of httpS with http).  From a security
perspective, we're erring on the side of avoiding false claims of security.  I
think that the fact that N6 does incremental layout, starting asap, makes this
"feature" very visible (as compared with 4.x).

I think that 4.x displayed an open lock when mixed content is displayed, but 4.x
didn't display much until it had the entire page.   I think that if it appears
that 4.x switches "instantly" to a locked icon it is because it waited to
display anything until it had pretty much the entire page.   I'm open to being
corrected... but I suspect this plays into making this "feature" more visible in N6.

There has also been a lot of discussion about mixed content in N6.  Perhaps, if
we settle on not complaining about mixed content, we could show the locked icon
sooner... but until this is much more settled, I think showing an unlocked icon
until we are "sure," is probably the most reasonable activity.

Comment 9

[Mike Pinkerton (not reading bugmail)]

jar, that might be reasonable to you, as someone very knowledgeable about the
details of security. 99% of our users are not. All they see is their personal
data on the screen with no hint of security (users don't know what https means,
and they certainly don't know what mixed content is).

Comment 10

[selmer (gone)]

rtm-, the behavior is correct if not elegant.

Comment 11

[John G. Myers]

After the fix to bug 31982, the lock icon shows locked immediately after 
downloading begins, but will not have the "Signed by" popup until the entire 
page is loaded.

Comment 12

[John Unruh]

Verified.

Comment 13

[lchiang]

junruh - pls state which trunk build you verified on.  Thanks.

Comment 14

[John Unruh]

Verified on 12/21 Mac, Win and Linux trunk builds.

Comment 15

[Angela Butler]

Added branch accept to status whiteboard

Comment 16

[selmer (gone)]

David, please check in on the branch ASAP.

Comment 17

[Javier Delgadillo]

ddrinan is on sabatical.  jgmyers: can you check this in since you know
something about this bug?

Comment 18

[John G. Myers]

This bug is fixed by the patches attached to bugs 31982 and 59827.  No 
additional changes needed.

Comment 19

[John Unruh]

Verified on the latest MTEST builds on Win, Mac and Linux.

Comment 20

[John Unruh]

Mass changing Security:Crypto to PSM

Comment 21

[John Unruh]

Mass changing Security:Crypto to PSM