W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2016

Re: Proposal: Marking HTTP As Non-Secure

From: <gimli.son.of.gloin@gmail.com>
Date: Thu, 11 Aug 2016 16:10:10 -0700 (PDT)
To: Security-dev <security-dev@chromium.org>
Cc: public-webappsec@w3.org, blink-dev@chromium.org, dev-security@lists.mozilla.org
Message-Id: <9703a367-981d-4471-b5a1-57135ce9a7e7@chromium.org>
As both a user and sysadmin I really encourage this initiative. 

One way to implement this that I think would make non-secure site more obvious and would enhance security would be to add a red border to any site or frame that isn't secure. Hovering the mouse over the border could identify what makes the site/frame non-secure.

An option to disable the borders per site could be added in the site permissions so that known sites wouldn't show the border and could be used for sites where the border affects functionality. 

This should be a fairly simple function to code and I think it would be a lot more noticeable than just the address bar notifications. I think user education would be fairly easy too.
Received on Tuesday, 16 August 2016 08:29:01 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:21 UTC