Are we going to remove support for this pref in a subsequent release? Am Mo., 12. Aug. 2019 um 10:05 Uhr schrieb Johann Hofmann < jhofm...@mozilla.com>:
> In desktop Firefox 70, we intend to remove Extended Validation (EV) > indicators from the identity block (the left hand side of the URL bar which > is used to display security / privacy information). We will add additional > EV information to the identity panel instead, effectively reducing the > exposure of EV information to users while keeping it easily accessible. > > Before: > > > After: > > > The effectiveness of EV has been called into question numerous times over > the last few years, there are serious doubts whether users notice the > absence of positive security indicators and proof of concepts have been > pitting > EV against domains <https://www.typewritten.net/writer/ev-phishing/> for > phishing. > > More recently, it has been shown <https://stripe.ian.sh/> that EV > certificates with colliding entity names can be generated by choosing a > different jurisdiction. 18 months have passed since then and no changes > that address this problem have been identified. > > The Chrome team recently removed EV indicators from the URL bar in Canary > and announced their intent to ship this change in Chrome 77 > <https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/h1bTcoTpfeI>. > Safari is also no longer showing the EV entity name instead of the domain > name in their URL bar, distinguishing EV only by the green color. Edge is > also no longer showing the EV entity name in their URL bar. > > > > On our side a pref for this > (security.identityblock.show_extended_validation) was added in bug 1572389 > <https://bugzilla.mozilla.org/show_bug.cgi?id=1572389> (thanks :evilpie > for working on it!). We're planning to flip this pref to false in bug > 1572936 <https://bugzilla.mozilla.org/show_bug.cgi?id=1572936>. > > Please let us know if you have any questions or concerns, > > Wayne & Johann > _______________________________________________ > firefox-dev mailing list > firefox-...@mozilla.org > https://mail.mozilla.org/listinfo/firefox-dev > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
