Opera's three security levels

Below is a message from Opera's Yngve Pettersen that describes the
criteria that Opera browser uses for selecting the 1-3 number
displayed within the padlock icon in Opera (to indicate the
security level).

----- Forwarded message from "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> -----

Date: Thu, 16 Nov 2006 04:39:39 +0100
To: "Michael(tm) Smith" <mikes@opera.com>
Subject: Opera's 3 security levels
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>

Hi,

I see from the WSC minutes that you want this information:

Level 0: At least one resource was loaded from an uncrypted site, expect  
for (Opera 8+) the first redirect as long as it is not a POST.

Level 1: Chosen for

  - 40 and 56 bit symmetric encryption (or below)
  - anonymous ciphers
  - authentication only.
  - RSA/DH/DSA keys shorter than 900 bits (Opera 9+ can adjust this in  
    jumps of 100 bits as needed).
  - Certificate warnings
  - SSL v2 (any cipher)

Level 2: RSA/DH/DSA keys between 900 (inclusive) and 1000 bits (not  
inclusive)

Level 3:  requires all of these:

  - 128 bit and more symmetric (including 3DES),
  - 1000 bit or more RSA/DH/DSA (will be upgraded to 1020 bit as soon as  
    old RSA SSCA root has been phased out)
  - Opera 9: No problems with OCSP validation (when used)

OCSP problems (except revocation) results in a one level down indication.

In Opera 9.10 no padlock is displayed for https pages that have level 2  
(IIRC) or below.

In Opera 9.0x level 2 and below will show a partial lock (open in case of  
mixed security) on grey background. Opera 8.x uses yellow background for  
all levels for a https page.

-- 
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************

----- End forwarded message -----

-- 
Michael(tm) Smith
Opera Software, Tokyo
xmpp:smith@sideshowbarker.net
irc://irc.freenode.net/mobile-web

Received on Friday, 17 November 2006 12:40:40 UTC