So we have two issues here:
- We have less testing on security.insecure_connection_text.enabled
- security.insecure_connection_icon.enabled is a lot heavier handed as MT
notes and also we use this for insecure passwords too.
We also have the pbmode variants if we wanted both enabled when in Private
We are discussing the impact of shipping the "Not Secure" text with product
at the moment which is likely much safer to ship right now.
On Fri, Feb 9, 2018 at 2:02 PM, Tom Schuster <t...@schuster.me> wrote:
> If you flip just security.insecure_connection_text.enabled and not
> security.insecure_connection_icon.enabled you get Chrome's behavior.
> Flipping both gives you the broken lock and the "Not Secure" text. I
> don't see a big difference there and I hope we can ship this as soon
> as possible.
> On Fri, Feb 9, 2018 at 1:55 AM, Martin Thomson <m...@mozilla.com> wrote:
> > +ffxdev
> > There's a tangible difference between text saying "Not Secure" and a
> > broken lock icon. I think that we're close, but we'd be making a
> > stronger statement than Chrome if we did this.
> > On Fri, Feb 9, 2018 at 8:17 AM, Chris Peterson <cpeter...@mozilla.com>
> >> Chrome will start marking HTTP pages as "Not secure" in July 2018
> >> 68):
> >> https://security.googleblog.com/2018/02/a-secure-web-is-
> >> Firefox has a similar insecure HTTP warning icon, currently disabled by
> >> `security.insecure_connection_icon.enabled` pref added in bug 1310447.
> >> Are there any blockers for Firefox shipping this feature?
> >> _______________________________________________
> >> dev-platform mailing list
> >> firstname.lastname@example.org
> >> https://lists.mozilla.org/listinfo/dev-platform
> > _______________________________________________
> > firefox-dev mailing list
> > firefox-...@mozilla.org
> > https://mail.mozilla.org/listinfo/firefox-dev
> dev-platform mailing list
dev-platform mailing list