This kind of thing?
https://addons.mozilla.org/en-US/firefox/addon/8128
On 4-Mar-09, at 9:42 AM, Eddy Nigg wrote:
On 03/04/2009 04:28 PM, Johnathan Nightingale:
no website can spoof the EV appearance of the site identity
button and, with the ssl_domain_display pref set to non-zero, (and
appropriate care given to IDN issues), they can't for regular SSL
either.
Right, and I'm extremely glad that we are going this route. I also
suggest to look on ways to signal to the user when we really expect
a secured site (see Jean-Marc's message).
It's extremely annoying to confirm every form submission when
unsecured (it's my current setting) - if we could indicate only on
password fields or other suspicious combination's (as phishers would
most likely start avoiding the password tag altogether), it would be
a useful indicator.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
---
Johnathan Nightingale
Human Shield
john...@mozilla.com
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security