Security/Reviews/IdentityBox
Jump to navigation
Jump to search
Please use "Edit with form" above to edit this page.
Item Reviewed
| New Idenity Box Design | |
| Target | |
{{#set:SecReview name=New Idenity Box Design
|SecReview target=
- https://bugzilla.mozilla.org/show_bug.cgi?id=742419
- https://bug742419.bugzilla.mozilla.org/attachment.cgi?id=612253
}}
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- We will remove the favicon from the Firefox address bar and replace it with a generic icon in http and mixed content scenarios. Use a grey lock in https, and a green lock in https+ev. The verified domain will be hidden in https. The verified identity will be visible in https+ev.
What solutions/approaches were considered other than the proposed solution?
- current state
Why was this solution chosen?
- to make the state of pages clearer to users
Any security threats already considered in the design and why?
`
Threat Brainstorming
- "Your connection to this website has been encrypted to prevent eavesdropping."
- That statement makes me very uncomfortable, as encryption doesn't prevent eavesdropping: it attempts to protect a combination of confidentiality and integrity, depending on the algorithms chosen. I think this is an important distinction, not a pedantic argument, as it can lead users to assume a false level of security. I'm not sure what the right words to use are - a different question - but I believe that these are not it. If we change this, it's something we'll want to do a blog post explaining. - adamm
- Out of scope for this review, the Larry dialog is a separate effort.
{{#set: SecReview feature goal=* We will remove the favicon from the Firefox address bar and replace it with a generic icon in http and mixed content scenarios. Use a grey lock in https, and a green lock in https+ev. The verified domain will be hidden in https. The verified identity will be visible in https+ev. |SecReview alt solutions=* current state |SecReview solution chosen=* to make the state of pages clearer to users |SecReview threats considered=' |SecReview threat brainstorming=* "Your connection to this website has been encrypted to prevent eavesdropping."
- That statement makes me very uncomfortable, as encryption doesn't prevent eavesdropping: it attempts to protect a combination of confidentiality and integrity, depending on the algorithms chosen. I think this is an important distinction, not a pedantic argument, as it can lead users to assume a false level of security. I'm not sure what the right words to use are - a different question - but I believe that these are not it. If we change this, it's something we'll want to do a blog post explaining. - adamm
- Out of scope for this review, the Larry dialog is a separate effort.
}}
Action Items
| Action Item Status | In Progress | |||||||||||||||||||||||||||||||||||
| Release Target | ` | |||||||||||||||||||||||||||||||||||
| Action Items | ||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
{{#set:|SecReview action item status=In Progress
|Feature version=`
|SecReview action items=
| Who | bug | Action | By When | Completed date
[NEW] new [DONE] Done [MISSED] Miss |
| UX | bug 747093 | A blog post about how moving the display of favicon.ico from the area supplying trusted information from the browser, to the tab, protects users. | during Beta | [NEW] new |
| jaws | bug 747090 | Change the icon for mixed content | by Beta for FF 14 | [NEW] new |
| jaws | bug 747088 | Don't include https:// in the mixed content case | by FF15, or sooner if possible. | [NEW] new |
| jaws | bug 747087 | Make the https:// black (to match the domain color) in the https non-ev case | by FF15 | [NEW] new |
| jaws | bug 747085 | Make the https: green in the https ev case | by FF15 (not a security requirement) | [NEW] new |
| jaws | bug 747083 | Make the lock icon darker for the non-ev case | by FF15 | [NEW] new |
}}