Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-13 Thread Ryan Sleevi
On Wed, August 13, 2014 6:14 pm, Peter Gutmann wrote: > Chris Palmer writes: > > >FWIW, that's a misquote; I didn't write that. > > Ooops, sorry, it was posted by Patrick McManus (I > used > a script to try and resurrect the lost emails for re-send, I suspect > something > got mangled somew

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-13 Thread Peter Gutmann
Chris Palmer writes: >FWIW, that's a misquote; I didn't write that. Ooops, sorry, it was posted by Patrick McManus (I used a script to try and resurrect the lost emails for re-send, I suspect something got mangled somewhere). So the question should have been addressed to Patrick (or anyone els

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-12 Thread Chris Palmer
FWIW, that's a misquote; I didn't write that. On Aug 12, 2014 4:38 AM, "Peter Gutmann" wrote: > [Apologies if you've seen this before, it looks like up to a week's worth > of > mail from here has been lost, this is a resend of the backlog] > > Chris Palmer writes: > > >Firefox 31 data: > > > >o

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-12 Thread Peter Gutmann
[Apologies if you've seen this before, it looks like up to a week's worth of mail from here has been lost, this is a resend of the backlog] Chris Palmer writes: >Firefox 31 data: > >on desktop the median successful OCSP validation took 261ms, and the 95th >percentile (looking at just the univer

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-11 Thread diafygi
Yes, I started this thread. I officially declare this thread closed...even though I have no ability to enforce it. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-11 Thread Richard Barnes
Can we please declare this thread closed? The level of debate has gotten a little low. --Richard On Aug 9, 2014, at 7:53 PM, David E. Ross wrote: > On 7/19/2014 11:54 AM, Daniel Roesler wrote: >> Howdy all, >> >> Yesterday, I created a bug proposing that Firefox switch the generic >> url i

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-11 Thread Gervase Markham
On 11/08/14 04:16, David E. Ross wrote: > Rosenthal is also a reseller of X.509 subscriber certificates, which > should mean he understands Internet security. Otherwise, how is he > allowed to sell such certificates? I don't often say this, because it's not often true, but... LOL. Gerv

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-11 Thread Hubert Kario
- Original Message - > From: "David E. Ross" > To: mozilla-dev-security-pol...@lists.mozilla.org > Sent: Monday, August 11, 2014 8:01:44 AM > Subject: Re: Proposal: Switch generic icon to negative feedback for non-https > sites > > On 8/10/2014 8:16 PM, D

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-10 Thread David E. Ross
On 8/10/2014 8:16 PM, David E. Ross wrote: > On 8/10/2014 4:09 PM, Matt Palmer wrote: >> On Sat, Aug 09, 2014 at 04:53:46PM -0700, David E. Ross wrote: >>> Anyone wishing to argue this issue further -- to argue in favor of >>> implementing a scheme to encourage all Web sites to be HTTPS with site >

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-10 Thread Matt Palmer
On Sun, Aug 10, 2014 at 08:16:42PM -0700, David E. Ross wrote: > On 8/10/2014 4:09 PM, Matt Palmer wrote: > > On Sat, Aug 09, 2014 at 04:53:46PM -0700, David E. Ross wrote: > >> Anyone wishing to argue this issue further -- to argue in favor of > >> implementing a scheme to encourage all Web sites

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-10 Thread Ryan Sleevi
On Sun, August 10, 2014 8:16 pm, David E. Ross wrote: > I was a computer systems integrator for over 30 years. I fully > understand what "integrator" means. In my career, software integration > often included dealing with secure systems and how they were made secure. That's a very... liberal

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-10 Thread Ryan Sleevi
On Sun, August 10, 2014 4:06 pm, Matt Palmer wrote: > On Sat, Aug 09, 2014 at 11:52:16PM -0700, Ryan Sleevi wrote: > > At the risk of engaging what may be trolling behaviour (non-attributable > > email addresses and all that good jazz), and while a point-by-point > > takedown is not particularly w

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-10 Thread Daniel Micay
On 10/08/14 11:16 PM, David E. Ross wrote: > On 8/10/2014 4:09 PM, Matt Palmer wrote: >> On Sat, Aug 09, 2014 at 04:53:46PM -0700, David E. Ross wrote: >>> Anyone wishing to argue this issue further -- to argue in favor of >>> implementing a scheme to encourage all Web sites to be HTTPS with site >

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-10 Thread David E. Ross
On 8/10/2014 4:09 PM, Matt Palmer wrote: > On Sat, Aug 09, 2014 at 04:53:46PM -0700, David E. Ross wrote: >> Anyone wishing to argue this issue further -- to argue in favor of >> implementing a scheme to encourage all Web sites to be HTTPS with site >> certificates -- should first read >>

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-10 Thread Matt Palmer
On Sat, Aug 09, 2014 at 04:53:46PM -0700, David E. Ross wrote: > Anyone wishing to argue this issue further -- to argue in favor of > implementing a scheme to encourage all Web sites to be HTTPS with site > certificates -- should first read >

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-10 Thread Matt Palmer
On Sat, Aug 09, 2014 at 11:52:16PM -0700, Ryan Sleevi wrote: > At the risk of engaging what may be trolling behaviour (non-attributable > email addresses and all that good jazz), and while a point-by-point > takedown is not particularly worthy, the author makes a number of > demonstrably false or m

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-09 Thread Ryan Sleevi
On Sat, August 9, 2014 4:53 pm, David E. Ross wrote: > Anyone wishing to argue this issue further -- to argue in favor of > implementing a scheme to encourage all Web sites to be HTTPS with site > certificates -- should first read > >

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-09 Thread David E. Ross
On 7/19/2014 11:54 AM, Daniel Roesler wrote: > Howdy all, > > Yesterday, I created a bug proposing that Firefox switch the generic > url icon to a negative feedback icon for non-https sites. > > https://bugzilla.mozilla.org/show_bug.cgi?id=1041087 > > I created this bug because it's time we star

Re: DANE (was Re: Proposal: Switch generic icon to negative feedback for non-https sites)

2014-08-07 Thread Ryan Sleevi
On Thu, August 7, 2014 4:29 pm, Phillip Hallam-Baker wrote: > That is only the case for DV certs. And it is a situation that is > hardly acceptable. > > It isn't really the case that its a permanent vulnerability either. If > a DNS registry was ever discovered to have acted as you suggest then

Re: DANE (was Re: Proposal: Switch generic icon to negative feedback for non-https sites)

2014-08-07 Thread Phillip Hallam-Baker
On Thu, Aug 7, 2014 at 3:08 PM, Richard Barnes wrote: > > On Aug 7, 2014, at 2:17 PM, Chris Palmer wrote: > >> On Thu, Aug 7, 2014 at 7:11 AM, wrote: >> >>> I second that: DANE support is the right direction to go! It considerably >>> raises the effort required to do MITM attacks, it allows th

DANE (was Re: Proposal: Switch generic icon to negative feedback for non-https sites)

2014-08-07 Thread Richard Barnes
On Aug 7, 2014, at 2:17 PM, Chris Palmer wrote: > On Thu, Aug 7, 2014 at 7:11 AM, wrote: > >> I second that: DANE support is the right direction to go! It considerably >> raises the effort required to do MITM attacks, it allows the site ops to cut >> out the CAs and take control back. > >

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-07 Thread husemann
On Thursday, 7 August 2014 01:27:29 UTC+2, Matt Palmer wrote: > On Wed, Aug 06, 2014 at 12:02:57AM -0700, andrew.be...@gmail.com wrote: > > > Is there anything browser vendors can do to make SSL easier and cheaper > > > across the board before punishing you for not using it? > > > > Implement

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-06 Thread Matt Palmer
On Wed, Aug 06, 2014 at 12:02:57AM -0700, andrew.be...@gmail.com wrote: > Is there anything browser vendors can do to make SSL easier and cheaper > across the board before punishing you for not using it? Implement support for DANE. It won't fix the 0.001% (by number, not traffic volume) of sites

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-06 Thread Chris Palmer
On Wed, Aug 6, 2014 at 12:02 AM, wrote: > I'm all for pushing people onto SSL, and of course if you stigmatise > non-secure connections the demand for SSL increases and CDNs will need to > compete on their ability to support it at a reasonable cost. But there's a > chicken and egg problem, to

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-08-06 Thread andrew . betts
I think it's worth looking at the cost issue as an enterprise one as well as a personal one. Yes, there is a cost to the individual on a personal website and even a few dollars a year is off-putting if it potentially doubles the cost of your website. But those of us who operate large sites thr

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-24 Thread Chris Palmer
On Thu, Jul 24, 2014 at 12:56 AM, Jernej Simončič wrote: >> The page area (the Viewport) is not a good place for UI that needs to >> be trustworthy. Trustworthy UI controls and indicators need to be in >> the chrome. > > I meant to only use the page area to indicate when something is wrong. But

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-24 Thread Jernej Simončič
on Wed, 23 Jul 2014 11:26:17 -0700, Chris Palmer wrote: > The page area (the Viewport) is not a good place for UI that needs to > be trustworthy. Trustworthy UI controls and indicators need to be in > the chrome. I meant to only use the page area to indicate when something is wrong. -- begin .

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-23 Thread Chris Palmer
On Wed, Jul 23, 2014 at 4:06 AM, Jernej Simončič wrote: > How about showing a red border around the webpage, possibly with a banner > at the top (but inside the page area)? The page area (the Viewport) is not a good place for UI that needs to be trustworthy. Trustworthy UI controls and indicator

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-23 Thread Jernej Simončič
on Tue, 22 Jul 2014 12:24:30 -0700, Brian Smith wrote: > Having said all of that, I remember that Mozilla did some user > research ~3 years ago that showed that when we show a negative > security indicator like the broken lock icon, a significant percentage > of users interpreted the problem to li

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-23 Thread Robert Sesek
On Tue, Jul 22, 2014 at 2:00 PM, 'Chris Palmer' via Security-dev < security-...@chromium.org> wrote: > So, it seems we're mixing the Lock metaphor with the Traffic Light > metaphor, and that mixing them does not make sense. I have proposed > dropping the lock part and just going with red, yellow,

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-23 Thread Sandy Clark
This is not uncommon. We found the same issue among all 3-letter agency users of the P25 radios. They frequently confused the *not* encrypted icon for the encrypted one. In fact, we still hear them over the air giving the wrong instructions on how to encrypt. I don't think developers are the be

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-23 Thread Hubert Kario
- Original Message - > From: "Adrienne Porter Felt" > To: "Daniel Roesler" > Cc: dev-security-policy@lists.mozilla.org, "Eric Mill" , > "security-dev" > , "Chris Palmer" > Sent: Tuesday, 22 July, 2014 1:42:05 AM >

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Peter Gutmann
Chris Palmer writes: >Tangential, fun note: felt, et al. found that ~50% of users thought a >green lock was *open*, hence unsafe — green means you can go, through >the locked door, while red means the lock is securely locked. Like an >airplane toilet... Do you have a reference for this? Peter

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread fhw843
In terms of the messaging behind any iconography, I would like to see something precise and perhaps more objective than, say, labels like secure/not-secure/good-luck-with-that. Those words can have different meanings depending on the context but the issues being addressed are pretty well define

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Chris Palmer
On Tue, Jul 22, 2014 at 2:00 PM, Brian Smith wrote: > Firefox's cert override mechanism uses a different pinning mechanism > than the "key pinning" feature. Basically, Firefox saves a tuple > (domain, port, cert fingerprint, isDomainMismatch, > isValidityPeriodProblem, isUntrustedIssuer) into a d

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Brian Smith
[+keeler, +cviecco] On Tue, Jul 22, 2014 at 1:55 PM, Chris Palmer wrote: > On Tue, Jul 22, 2014 at 3:01 AM, Hubert Kario wrote: > >>> I'm pretty sure Firefox merely remembers your decision to click >>> through the warning, not that it pins the keys/certificates in the >>> chain you clicked throu

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Chris Palmer
On Tue, Jul 22, 2014 at 3:01 AM, Hubert Kario wrote: >> I'm pretty sure Firefox merely remembers your decision to click >> through the warning, not that it pins the keys/certificates in the >> chain you clicked through on. >> >> Although I have proposed that for certain use-cases, its applicabili

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread David E. Ross
On 7/22/2014 11:27 AM, Chris Palmer wrote [in part]: > On Tue, Jul 22, 2014 at 10:49 AM, I previously wrote [also in part]: > > (Your intentionally broken email address suggests that you don't > really want to communicate, so mostly this message is directed to the > public list subscribers in gene

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Adrienne Porter Felt
On Tue, Jul 22, 2014 at 12:24 PM, Brian Smith wrote: > On Mon, Jul 21, 2014 at 4:10 PM, Adrienne Porter Felt > wrote: > > I would very much like to make http sites look insecure. > > > > But we face a very real problem: a large fraction of the web is still > > http-only. That means that: > > > >

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Brian Smith
On Mon, Jul 21, 2014 at 4:10 PM, Adrienne Porter Felt wrote: > I would very much like to make http sites look insecure. > > But we face a very real problem: a large fraction of the web is still > http-only. That means that: > >- Users will get used to the insecure icon, and it will start looki

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Chris Palmer
On Tue, Jul 22, 2014 at 10:49 AM, David E. Ross wrote: (Your intentionally broken email address suggests that you don't really want to communicate, so mostly this message is directed to the public list subscribers in general.) > Someone please explain to me how my non-HTTPS personal Web site at

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Chris Palmer
On Mon, Jul 21, 2014 at 7:15 PM, Michal Zalewski wrote: > Indeed. Instinctively [*], I think that a prominent always-on > indicator - say, an icon alternating between a red peering eye and a > green / gray closed lock - is strictly better than showing nothing for Tangential, fun note: felt, et a

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread David E. Ross
Someone please explain to me how my non-HTTPS personal Web site at creates any risk to visitors. I do not force any downloads other than GIF and JPEG files. I do not accept any inputs other than search terms for a search engine I do not control. I give visitors no login

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Adrienne Porter Felt
On Mon, Jul 21, 2014 at 4:20 PM, Daniel Roesler wrote: > Gotta start somewhere. Best case: no one will notice it after the first few days. Worst case: people notice it, and therefore start ignoring all https authentication errors. Is there a way to make the best case better, without ending up

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Michal Zalewski
The number of security states for the address bar seems to have gotten a bit out of control. Depending on the browser, you will have different indicators for plain HTTP; HTTPS; EV SSL HTTPS; HTTPS with cert errors (often without distinguishing between their severity); HTTPS with passive mixed conte

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Adrienne Porter Felt
I would very much like to make http sites look insecure. But we face a very real problem: a large fraction of the web is still http-only. That means that: - Users will get used to the insecure icon, and it will start looking meaningless pretty quickly. - This might also make users ignore

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-22 Thread Hubert Kario
- Original Message - > From: "Chris Palmer" > To: "Hubert Kario" > Cc: "David E. Ross" , > mozilla-dev-security-pol...@lists.mozilla.org > Sent: Tuesday, 22 July, 2014 1:08:57 AM > Subject: Re: Proposal: Switch generic icon to negative fee

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-21 Thread Daniel Micay
On 22/07/14 12:58 AM, Brian Smith wrote: > On Mon, Jul 21, 2014 at 8:50 PM, Eric Mill wrote: >> Not claiming to have the solution at hand, but the best first step might be >> non-scolding, non-lock-related imagery that clearly and affirmatively gets >> across that this is a *public* connection.

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-21 Thread Brian Smith
On Mon, Jul 21, 2014 at 8:50 PM, Eric Mill wrote: > Not claiming to have the solution at hand, but the best first step might be > non-scolding, non-lock-related imagery that clearly and affirmatively gets > across that this is a *public* connection. I think you have the right idea. Keep in mind

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-21 Thread Eric Mill
Not claiming to have the solution at hand, but the best first step might be non-scolding, non-lock-related imagery that clearly and affirmatively gets across that this is a *public* connection. Just brainstorming a bit here: * A charming low-fi icon of the all-seeing eye

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-21 Thread Daniel Roesler
> Best case: no one will notice it after the first few days. > Worst case: people notice it, and therefore start ignoring all https > authentication errors. > > Is there a way to make the best case better, without ending up at the worst > case? At least for Firefox, the gray broken lock icon optio

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-21 Thread Daniel Roesler
Another complementary effort could be to ask apache and nginx to start to use SSL in their example default config. On Mon, Jul 21, 2014 at 4:11 PM, Chris Palmer wrote: > On Sun, Jul 20, 2014 at 7:08 PM, wrote: > >> So the general top criticism I'm seeing to this proposal is that it's too >> ex

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-21 Thread Daniel Roesler
Gotta start somewhere. I actually kind of like the idea of showing the current generic icon for self-signed ssl certificates, and the broken lock icon for insecure connections. On Mon, Jul 21, 2014 at 4:10 PM, Adrienne Porter Felt wrote: > I would very much like to make http sites look insecure.

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-21 Thread Chris Palmer
On Sun, Jul 20, 2014 at 3:23 AM, Hubert Kario wrote: > and while we're at it, let's get rid of those warnings about self > signed certificates -- they are less insecure than HTTP (Firefox actually > uses certificate pinning for sites with previously waived cert problems!) > so let's not treat the

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-21 Thread Hubert Kario
- Original Message - > From: diaf...@gmail.com > To: mozilla-dev-security-pol...@lists.mozilla.org > Sent: Monday, 21 July, 2014 4:08:30 AM > Subject: Re: Proposal: Switch generic icon to negative feedback for non-https > sites > > So the general top criticism I'

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-20 Thread diafygi
> To: mozilla-dev-security-pol...@lists.mozilla.org > > >> Sent: Sunday, 20 July, 2014 4:39:09 AM > > >> Subject: Re: Proposal: Switch generic icon to negative feedback for > >> non-https sites > > >> > > >> On 7/19/2014 11:54 AM, Danie

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-20 Thread Daniel Micay
On 20/07/14 06:23 AM, Hubert Kario wrote: > - Original Message - >> From: "David E. Ross" >> To: mozilla-dev-security-pol...@lists.mozilla.org >> Sent: Sunday, 20 July, 2014 4:39:09 AM >> Subject: Re: Proposal: Switch generic icon to negative fe

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-20 Thread Hubert Kario
- Original Message - > From: "David E. Ross" > To: mozilla-dev-security-pol...@lists.mozilla.org > Sent: Sunday, 20 July, 2014 4:39:09 AM > Subject: Re: Proposal: Switch generic icon to negative feedback for non-https > sites > > On 7/19/2014 11:54 AM,

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-19 Thread David E. Ross
On 7/19/2014 11:54 AM, Daniel Roesler wrote: > Howdy all, > > Yesterday, I created a bug proposing that Firefox switch the generic > url icon to a negative feedback icon for non-https sites. > > https://bugzilla.mozilla.org/show_bug.cgi?id=1041087 > > I created this bug because it's time we star

Re: Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-19 Thread Eric Mill
A good idea, though you need to be careful. Just posted to the bug: What you definitely *don't* want to do is give the user such negative feedback that they stop noticing when there's a direct problem (insecure HTTPS). A grey unlocked padlock would be a nice way to ease people into the idea that

Proposal: Switch generic icon to negative feedback for non-https sites

2014-07-19 Thread Daniel Roesler
Howdy all, Yesterday, I created a bug proposing that Firefox switch the generic url icon to a negative feedback icon for non-https sites. https://bugzilla.mozilla.org/show_bug.cgi?id=1041087 I created this bug because it's time we start treating insecure connections as a Bug. There is so much op