Eddy Nigg wrote, On 2009-01-04 14:48: > On 01/05/2009 12:42 AM, Nelson B Bolyard: >> Eddy Nigg wrote, On 2009-01-04 14:28: >>> On 01/04/2009 09:32 PM, Nelson B Bolyard: >>>> do that, too, and phishers will be quick to imitate it. The main point of >>>> "chrome" is that content cannot effectively mimic it. It's unspoofable. >>>> (It wasn't, always, but browsers have finally gotten wise to that.) >>> And what about this? https://blog.startcom.org/?attachment_id=90 >> If the blue shading around the "favicon" was the ONLY indication that a >> page was served via https, then I would agree that that's too weak to be >> considered unspoofable (or even noticeable). But IIRC, there are at least >> two other non-spoofable indicators. > > I know about the padlock in the lower right bottom in the status bar.
And right next to the lock icon is the DNS name that matched the cert. This solves one problem with confusing URLs. > It's however inconvenient and I personally never look there. Instead I > set browser.identity.ssl_domain_display to 1 in about:config. That's also a good indicator. Setting it to 2 makes it show the same value as shown down by the lock icon, the verified DNS name. > But what is the second indicator? I was thinking of the "scheme" in the address bar, e.g. https:// _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
