Hi,
> > Nice concept, but this still assumes the user will consciously look at
> > the address bar to check the domain although there is no UI indication
> > that tells him to do so.
>
> Not the address bar, the security UI in the bottom right.
But unless I am missing something this only tells you "you are securely
connected with the site in the address bar", so you still have to look at the
address bar for this information to be of any use. It would be much easier
for a user if the browser could signal "you are securely connected with a
site you trust".
> If the user blindly types their CC details into any web form which asks
> for them, I'm not sure there's much we can do to help.
True. There cannot be a general technical measure against this.
Michael
--
/* Identify the flock of penguins. */
2.2.16 /usr/src/linux/arch/alpha/kernel/setup.c
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
