SSL state should be separated from normal state. User confuses a state of current url connection without SSL state separated from normal http state. Google Chrome & Opera separate state SSL from normal http. I propose that the block of part favicon (lock icon) should be colorized when an url is https connection. (Attachmented screen shot is old identity block with "browser.identity.ssl_domain_display;0")
Component: Location Bar → Theme
QA Contact: location.bar → theme
If the almost http trafic over the world use SSL, Location bar's SSL state need not be separated clearly from normal state. However, current web is not so it. We should separate SSL state clearly from normal state as the case stand now.
What about this?
Attachment #617212 - Attachment is obsolete: true
Summary: SSL state should be separated from normal state → SSL state should be visually separated from rest of URL bar
From this mockup, each state of a connection is different by icon shape and color. But this non EV-SSL is not colorize. I think this is strange. http://cl.ly/0S2r0E0G2q2s0f0E0q2P And also, Firefox for Android uses a blue icon for display the SSL state. http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/resources/drawable-hdpi/site_security_verified.png I think that Desktop Firefox use the blue padlock for displaying the SSL state.
HTTPS EV must be green, as it's standard distinctive color for HTTPS EV. HTTPS must have padlock, as it's standard distinctive picture for HTTPS. In HTTPS padlock should be in black or yellow/gold hue as it's unofficial standard. This bug is probably WONTFIX or INVAILD per Australis style and we don't have now border between icon and address, so more colors will only distract users. But now I like the best how Opera displays this info to users. In old days it was Firefox with all yellow/gold address bar and padlock. If we want to change how Firefox looks now, I would like to see yellow/gold address bar back in HTTPS and HTTPS CV. Comparison of modern browsers and how they display HTTPS EV, HTTPS, Mixed content (HTTPS+HTTP) and HTTP
At this point this is wontfix. Blue padlocks don't really convey extra info for most people.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
US-CERT (an agency within the United States Department of Homeland Security) still advises users to look for a closed padlock. Thus, this bug report should remain open until fixed.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(In reply to David E. Ross from comment #7) > US-CERT (an agency within the United States Department of Homeland Security) > still advises users to look for a closed padlock. Great, we have a padlock in the URL bar for SSL connections!
Status: REOPENED → RESOLVED
Last Resolved: 6 years ago → 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.