Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure

> On 19 Dec 2014, at 23:37, 'Tyler Larson' via Security-dev <> wrote:
> In current implementations, there's no signaling by the browser to say "this site isn't encrypted." There's the *absence* of signaling about security, but that's not the same thing as positively saying that a site was delivered over an insecure channel.

This is why some websites get away with changing their Favicon to a lock, or even showing a lock image on the page ("see our site is secure")... It's much easier than buying a certificate :-P

It would be better if there was something in the browser... e.g. a red unlocked padlock, with a cross over it, where a HTTPS site either shows a gold/green locked icon, or nothing at all (as the browser doesn't know if the website has other security problems)... then there would be a consistent/better indicator of the connection state.


Received on Monday, 22 December 2014 16:58:46 UTC