On 01/05/2009 12:42 AM, Nelson B Bolyard:
Eddy Nigg wrote, On 2009-01-04 14:28:
On 01/04/2009 09:32 PM, Nelson B Bolyard:
do that, too, and phishers will be quick to imitate it. The main point of
"chrome" is that content cannot effectively mimic it. It's unspoofable.
(It wasn't, always, but browsers have finally gotten wise to that.)
And what about this? https://blog.startcom.org/?attachment_id=90
If the blue shading around the "favicon" was the ONLY indication that a
page was served via https, then I would agree that that's too weak to be
considered unspoofable (or even noticeable). But IIRC, there are at least
two other non-spoofable indicators.
I know about the padlock in the lower right bottom in the status bar.
It's however inconvenient and I personally never look there. Instead I
set browser.identity.ssl_domain_display to 1 in about:config.
But what is the second indicator?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
