Open James-E-A opened 4 years ago
I'm thinking "no" for the TLS MITM gateways, tbh
I'm just rounding these all up to "eye icon with a fuchsia badge" and calling it appropriately chosen.
(Third-party "Proper Root CAs", though, are another matter—at some point, I'll let the user manually review these per #2, but, in the meantime, I think CAcert is the only game in town [EDIT: see also #20], so I've just hardcoded it in as an "alt" which gets tagged with a cyan badge.)
However, for self-signed, I'd love to be able to gatekeep these and certify them, but Mozilla has blocked me on this front.
Suggestion: Check for securityInfo.state=="insecure" && url.protocol=="https:", and display a separate indicator for that, possibly with a link in the details to view this issue?
Thread opened with Mozilla; fingers crossed!
don't put any pleasant logos representing non-Mozilla-approved certificates in the UI without a badge, ever!
Actually, I think we'll reverse this: have a particular badge which does display to certify Mozilla-approved connections (and badge others differently, nevertheless, to prevent spoofing).
This will also visually differentiate it from the badge-less "uninitialized" state.
I'll have to do a bit of cross-platform testing (and maybe offer a fallback), but the fox face emoji seems to work as a perfect badgeText, looking great with both LimeGreen and #00ff000000 badgeBackgroundColors.
https://bugzilla.mozilla.org/show_bug.cgi?id=1549605#c25
Has there been any thought given to whether the "secure" indicator (green padlock) should be given a different appearance? It's not specific to the current political situation, of course. I'd love to see a more obvious visible difference between "gmail.com, signed by Google" and "gmail.com, signed by Your Company's IT Department" (or of course "signed by Your Government's Secret Police").
When I add a per-site security exception for a self-signed cert, I get a black/dark-gray padlock with an overlaid yellow "warn" triangle. Would that be "too severe" for a user-installed root CA?
we need them
consider starting out just hard-coding in all these: https://www.g2.com/products/zscaler-internet-access/competitors/alternatives until we get around to implementing #2
however—
don't put any pleasant logos representing non-Mozilla-approved certificates in the UI without a badge, ever!
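The badge rules discussed in this thread, as an added JavaScript example (not code from the project or from any commenter): a pure classifier over the `SecurityInfo` object returned by `browser.webRequest.getSecurityInfo`, plus the listener that applies the badge. The category names, the badge texts, the "exception" colour, the placeholder fingerprint in `ALT_ROOTS`, and the choice to treat every other user-installed root as an interception gateway are assumptions made for the example.

```javascript
// Constructed placeholder; a real build would list the SHA-256 of each "alt" root here.
const ALT_ROOTS = new Set(["PLACEHOLDER-ALT-ROOT-SHA256"]);

// Badge per category. Colours for mozilla/alt/mitm follow the thread;
// the badge texts and the "exception" entry are assumptions for this example.
const BADGES = {
  mozilla:   { text: "\u{1F98A}", color: "LimeGreen" }, // fox face emoji
  alt:       { text: "alt", color: "cyan" },
  mitm:      { text: "!", color: "fuchsia" },
  exception: { text: "?", color: "yellow" },
  none:      { text: "", color: null },
};

// Pure function: map a URL plus a webRequest SecurityInfo object to a category.
function classify(urlString, securityInfo) {
  if (new URL(urlString).protocol !== "https:") return "none";
  // The check suggested in the thread for self-signed / excepted certificates.
  if (securityInfo.state === "insecure") return "exception";
  if (securityInfo.state !== "secure") return "none"; // "weak"/"broken": no badge here
  const chain = securityInfo.certificates || [];
  const root = chain[chain.length - 1]; // with certificateChain: true the trust root is last
  if (!root) return "none";
  if (root.isBuiltInRoot) return "mozilla"; // root shipped in Mozilla's store
  if (ALT_ROOTS.has(root.fingerprint.sha256)) return "alt";
  return "mitm"; // assumption: any other user-installed root is rounded up to "MITM"
}

// Wiring inside the extension (skipped when run outside a browser).
if (typeof browser !== "undefined") {
  browser.webRequest.onHeadersReceived.addListener(
    async (details) => {
      const info = await browser.webRequest.getSecurityInfo(
        details.requestId, { certificateChain: true });
      const badge = BADGES[classify(details.url, info)];
      browser.browserAction.setBadgeText({ text: badge.text, tabId: details.tabId });
      if (badge.color) {
        browser.browserAction.setBadgeBackgroundColor(
          { color: badge.color, tabId: details.tabId });
      }
    },
    { urls: ["<all_urls>"], types: ["main_frame"] },
    ["blocking"]
  );
}
```

Because `classify` never returns "mozilla" unless the chain's root has `isBuiltInRoot` set, a connection through a user-installed root always ends up with a differently coloured badge.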