Karl Dubost schrieb:
Henri,
great points, about…
Le 14 avr. 2015 à 19:29, Henri Sivonen <hsivo...@hsivonen.fi> a écrit :
Currently, the UI designation for http is neutral while the UI
designation for mixed content is undesirable. I think we should make
the UI designation of plain http undesirable once x% the sites that
users encounter on a daily basis are https.
What about changing the color of the grey world icon for http into something
which is more telling.
An icon that would mean "eavesdropping possible". but yes UI should be part of
the work.
I believe we could think about potentially starting with only marking
HTTP that contains any script as insecure. There's much less danger of
evesdropping or other stuff on completely static HTML+CSS that doesn't
contain any scripts or iframes or somesuch. Of course, we'd need to get
some data to find out if completely static/passive sites vs. those with
scripts etc. make any significant difference in terms of how many sites
are affected.
KaiRo
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
