Discuss visual differentiation between secure and insecure mode
Opened this issue · 2 comments
japit commented
Discuss visual differentiation between secure and insecure mode
japit commented
Comment received to mandate visual differentiation between secure and insecure mode and to mandate highlighting address bar and displaying additional icon to announce secure browsing.
Opened issue to discuss visual differentiation. Typically there is a lock and color change in modern browsers; however, these visual cues are not security controls.
japit commented
Security concern relates to certificate validity. Rejected visual differentiation. Refer to security concerns addressed in App PP (FIA_X509_EXT.1, FCS_HTTPS_EXT.1, and FCS_TLSC_EXT.1).