Discuss visual differentiation between secure and insecure mode

Question

Discuss visual differentiation between secure and insecure mode

Opened this issue 10 years ago · 2 comments

Answer 1 · 2015-03-10T17:24:20.000Z

Comment received to mandate visual differentiation between secure and insecure mode and to mandate highlighting address bar and displaying additional icon to announce secure browsing.

Opened issue to discuss visual differentiation. Typically there is a lock and color change in modern browsers; however, these visual cues are not security controls.

Answer 2 · 2015-03-16T16:35:06.000Z

Security concern relates to certificate validity. Rejected visual differentiation. Refer to security concerns addressed in App PP (FIA_X509_EXT.1, FCS_HTTPS_EXT.1, and FCS_TLSC_EXT.1).