Are we going to remove support for this pref in a subsequent release?

Am Mo., 12. Aug. 2019 um 10:05 Uhr schrieb Johann Hofmann <>:

> In desktop Firefox 70, we intend to remove Extended Validation (EV)
> indicators from the identity block (the left hand side of the URL bar which
> is used to display security / privacy information). We will add additional
> EV information to the identity panel instead, effectively reducing the
> exposure of EV information to users while keeping it easily accessible.
> Before:
> After:
> The effectiveness of EV has been called into question numerous times over
> the last few years, there are serious doubts whether users notice the
> absence of positive security indicators and proof of concepts have been 
> pitting
> EV against domains <> for
> phishing.
> More recently, it has been shown <> that EV
> certificates with colliding entity names can be generated by choosing a
> different jurisdiction. 18 months have passed since then and no changes
> that address this problem have been identified.
> The Chrome team recently removed EV indicators from the URL bar in Canary
> and announced their intent to ship this change in Chrome 77
> <!topic/security-dev/h1bTcoTpfeI>.
> Safari is also no longer showing the EV entity name instead of the domain
> name in their URL bar, distinguishing EV only by the green color. Edge is
> also no longer showing the EV entity name in their URL bar.
> On our side a pref for this
> (security.identityblock.show_extended_validation) was added in bug 1572389
> <> (thanks :evilpie
> for working on it!). We're planning to flip this pref to false in bug
> 1572936 <>.
> Please let us know if you have any questions or concerns,
> Wayne & Johann
> _______________________________________________
> firefox-dev mailing list
dev-platform mailing list

Reply via email to