- From: Michal Zalewski <lcamtuf@google.com>
- Date: Sun, 14 Dec 2014 11:47:47 -0800
- To: Igor Bukanov <igor@mir2.org>
- Cc: Chris Palmer <palmer@google.com>, Eduardo Robles Elvira <edulix@agoravoting.com>, "dev-security@lists.mozilla.org" <dev-security@lists.mozilla.org>, blink-dev <blink-dev@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, security-dev <security-dev@chromium.org>
> I would like to see some hypothetical encrypted http:// when a browser > present a page as if it was over https:// if everything of a secure origin > and as if it was served over plain http if not. That is, if a future browser > shows warnings for plain http, so it will show the same warnings for > encrypted http:// with insecure resources. Browsers have flirted with along the lines of your proposal with non-blocking mixed content icons. Unfortunately, websites are not static - so the net effect was that if you watched the address bar constantly, you'd eventually get notified that your previously-entered data that you thought will be visible only to a "secure" origin has been already leaked to / exposed to network attackers. The main point of having a visible and stable indicator for encrypted sites is to communicate to the user that the site offers a good degree of resilience against the examination or modification of the exchanged data by network attackers. (It is a complicated property and it is often misunderstood as providing clear-cut privacy assurances for your online habits, but that's a separate topic.) Any changes that make this indicator disappear randomly at unexpected times, or make the already-complicated assurances more fragile and even harder to explain, are probably not the right way to go. /mz
Received on Sunday, 14 December 2014 19:48:33 UTC