On 11/7/05, William A. Rowe, Jr. <wrowe@xxxxxxxxxxxxx> wrote: > The biggest problem is that you can't identify connection upgrade in the > scheme name - so there's no good user interface to help the user request SSL > upgrade where available and when desireable, and there's not a really good > way to reinforce to the user that their 'http://foo.example.com' site is > truly secure (except the little locky icon in the status bar). So GUI > browser developers have so far ignored this quandry. The extra S in the scheme is even harder to spot then the lock. But Firefox changes the background color of the entire address bar from white to yellow. That's a pretty good indication to me.
|