> Best case: no one will notice it after the first few days. > Worst case: people notice it, and therefore start ignoring all https > authentication errors. > > Is there a way to make the best case better, without ending up at the worst > case?
At least for Firefox, the gray broken lock icon option is pretty tame[1]. I don't think the worst case is likely with that option since it's not red and scary like all the other https errors. Also, it's just annoying enough to be an eyesore to sysadmins (who might upgrade to https), even if their users tend to ignore it. [1] - https://bugzilla.mozilla.org/attachment.cgi?id=8459203&action=edit _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy