Comments on: Firefox 3: Site Identification button

By: Jayson

Jayson — Sat, 28 Jun 2008 18:58:51 +0000

I also second (third, fourth) the objection about self-signed certificates; many web control panels, eg plesk, self-sign (or at least have to option to offer self-signed certificates). It also looks like the yellow state works in a similar way to how Google malicious site blocker works - by interrupting the browsing session. I think a lot of the smaller commerce sites will be “broken” by this feature.

By: Eric

Eric — Wed, 25 Jun 2008 12:45:52 +0000

I found the yellow bar very useful and I am extremely disappointed to see it gone.

The yellow bar was never meant to distinguish between “good” and “evil” sites - it was only there to show that the communication with the site is encrypted. I think it did that job very well and would have liked it to stay. People are used the the yellow indicator for encryption. Why remove it? I don’t understand the thinking here and think that the decision to remove it is flawed.

I also agree with VanillaMozilla above re. self-signed certificates. Encryption and identification are two different things. Why block access to an encrypted site just because the encryption is done by the site owner?

Also - how would I know that the button is clickable? It is not very obvious. I had no idea until I started searching for info about the missing yellow location bar.

By: Chris

Chris — Fri, 06 Jun 2008 16:34:03 +0000

On the Mac, the text in the green identity button is 1px higher than the URL. Was this intentional? It doesn’t appear to be that was on Windows.

By: Mozilla in Asia » Blog Archive » Firefox 3: UTF-8 support in location bar

Fri, 23 May 2008 08:17:43 +0000

[...] smart location bar (a.k.a. Awesomebar), the new bookmarks functionality, color profile support, the site identification button, the 3 new themes, to name just a [...]

By: meandering wildly

meandering wildly — Wed, 21 May 2008 16:23:36 +0000

[...] it can be hard to tell your bank’s real web site from one of these fakes. Firefox 3 includes some features to help you do that, but really, it would be far better to just not go there in the first place. That’s why we keep [...]

By: Sorensen

Sorensen — Mon, 19 May 2008 06:16:53 +0000

Thanks for a, at least for me, very educational article. I have recently updated my Linux dist to Ubuntu 8.04. Mozilla Firefox 3 beta 5, the default browser of this dist, has the identity button. But strangely they have made the background of the button permanently grey. So absolute no information unless one actually move the cursor over the button. Maybe the colors did not match the Ubuntu folks color scheme!? Anyhow it is quite unfortunate - though not your problem ;-)

By: Eddy Nigg

Eddy Nigg — Mon, 19 May 2008 02:03:13 +0000

To mario:

If no third party which is known and has proved to validate domain name ownership (at least) no certificate is worth the digital paper it’s written on. Otherwise the MITM will simply use also a self-signed which you’ll click through…Except with the new scheme where you add a specific certificate for a specific site, in which case it’s your risk if you talk to a MITM, but it will certainly alert you if it happens in the future at some point.

To Bodi:

This certainly doesn’t happen with any recent Firefox browser. You must be using a different product then…This CA is in later 1.5 versions on upwards.

By: » Secure banking The Chris Gonyea Project

» Secure banking The Chris Gonyea Project — Sun, 18 May 2008 14:51:12 +0000

[...] site identification button now shows up green when I log into my online banking page. They also now use 256-bit [...]

By: Chat Marchet News Digest » The Identity Button - Firefox 3’s New Security UI

Fri, 16 May 2008 05:14:45 +0000

[...] The whole scoop. This entry was posted on Friday, May 16th, 2008 at 2:12 am and is filed under le Chat Marchet. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. [...]

By: VanillaMozilla

VanillaMozilla — Tue, 13 May 2008 16:52:33 +0000

Two bug reports filed:
Bug 433412 – “Larry” button (site ID) needs an informative icon
Bug 433422 – Self-signed SSL certificates should not be labeled as “invalid”

Sorry for the comment spam.