My vote is still for maximum consistency with Firefox 3.6 (including the solid blue / 
green blocks of colour that intrude into the URL bar for maximum visibility).

I'm more that happy to re-evaluate at a half-way house though :)

Using blue rather than green for non-EV would be more consistent with Firefox but would 
violate what seemed to be an agreement on everyone's part that blue was lame and 
meaningless and we wanted green for both.

I'm actually not too concerned about the exact colour. Green for both is fine. What I 
would like, is a solid block of background colour for both. It's very noticeable if 
missing. Foreground colours just don't cut it.

OK, I already listed that in the third section of bullet points, as my impression was 
that we wanted to take things piece-at-a-time.

Followup after some local testing: We definitely need a UI treatment of that right edge 
area.  In normal https mode things look fine, but in EV mode the cert holder name runs 
right into the (also green) "https" and things just look weird.  Either we need more 
spacing or a divider, or we should go ahead and do the green-background Firefox-style 
UI immediately.  If we do the latter, I still need a treatment, so I know whether to 
just have a flat green background, or use an image or gradient like Firefox does.

Could you also design a less scary way to report the
"unable to check whether the server's certificate was revoked" error?
There is a screen shot of this error in  Issue 27125 .

This error means Chrome cannot obtain the revocation status for the
server's certificate from the CA.  Chrome is the only browser that
reports this error, so some users think this is Chrome's problem.

Could you consider to show the name of issuing CA, for example like in IE. There are still 
problems with several CAs that you possibly not want to trust as much as a proper CA. 
Displaying the name of the CA is give the user the possibility the make this choice.

For example:
http://files.cloudprivacy.net/ssl-mitm.pdf
http://www.networking4all.com/en/support/tools/site+check/comodo/

Also it noticed me that you could hide the company name (EV) by just creating a long URL. 
(version 5.0.371.0)

A green color for non EV is not file, this will give a domain validated cert the same trust 
as a Extended Validation cert and this would be horrible!

wtc: I think you should ping the UI leads and get them involved over on  bug 27125  
directly.  I don't want to morph this issue to cover that.

 Issue 41146  has been merged into this issue.

Attached mockup. Peter, this fit your description correctly?

	Screen shot 2010-04-12 at 4.33.14 PM.png 117 KB View Download

quick thoughts:

- the green on green looks odd and is low contrast
- what do you think of move the "untrusted website" text to the left size where we put 
EV information?

Attached is my current local checkout.  Things to note:

* I've made the padding between everything be "correct" as far as being equal on all 
sides, etc.  To my eyes, the topmost address bar looks somewhat visually cluttered, 
in that the reload, globe and text are all very close together.  I wouldn't be 
opposed to adding another pixel on each side of the location icon.

* As I noted in comment 5, the EV case looks like a bunch of run-together text, so we 
definitely need something like the mock in comment 10 for this.  What I don't like 
about the mocked EV treatment is that the "pill" doesn't look like our tab-to-search 
pill, in that I'd make it have a flat green background, a darker green border, and 
black text.  This would also address comment 11 point 1.

* I'm not a big fan of the broken-https appearance either (note that it implements 
comment 11 point 2).  I would personally get rid of "Untrusted website" altogether, I 
think it adds nothing and our UI would be clearer and more consistent without it.  
There are other possible fixes, like giving it a "red pill", but ugh.

	current.png 199 KB View Download

being a bit OT here, but can some one please explain to me WHY was "http://" removed?
it makes it VERY hard to copy/paste URL!
this is a serious UI regression.
if this is kept, I'll have no choice, other then go back to Firefox, where things do 
work as expected.
Sorry for the ranting, but this has been making me hard to us chromium for the last 
few day, and seeing as you guys plan to put this as a Feature, not a Bug, I'm getting 
very worried

Removing http:// from the steady-state display does seem like a step backwards to me.
  I can understand the desire for a streamlined view for some users, but could it
perhaps be made an option, so that those that do want it to be present can keep it? 

 Issue 41317  has been merged into this issue.

 Issue 41318  has been merged into this issue.

I don't mind removing the http protocol from the display, yea it makes it look a 
little sexier.  But I agree copy/pasting messes me up.  Perhaps it can be a 
configurable option?  Even if it's disabled by default?

If you paste rich text, you'll essentially be pasting the following:

<a href="http://foo.bar/">foo.bar</a>

The text will be as it appeared in the omnibox but the href will include the http.

If you paste plain text you'll get:

http://foo.bar/

>> If you paste rich text, you'll essentially be pasting the following: <a 
href="http://foo.bar/">foo.bar</a>

This is a bold move that will confuse a lot of people with no practical benefit. What's 
the rationale? To save 7 characters? 

I'm sorry Linus, but not all apps are rich text aware! not being able to do something 
as simple as pasting a (valid) linkified URL from a browse toolbar, is sensless to me.
keep in mind, the UI change to please users, but at least when clicking it and/or 
using keyb shortcut (ctrl+l), make the full canonical URL appear.

Thanks in advance

This bug is not about removing "http".  Mentioning that in passing on comment 0 does 
not imply that this is the bug about that or that debating the behavior here is 
acceptable.

Use chromium-discuss@chromium.org to debate this.  This particular bug is about other 
changes, and we need to be able to converse and get work done in a short time frame 
without a lot of noise on this bug.

Updated mock: greater contrast on green token, matching blue token with similar style, removed "untrusted 
website" I think the skull is enough :)

	Proxy-icons-2.png 104 KB View Download

Good grief.  Removing http:// is extremely short-sighted.  Many blogs, message 
boards, email viewing software, instant messaging software, etc. depend on matching 
against http:// to auto-link URLs.  Removing http:// will train end-users to omit it, 
which will have a negative impact on usability all over the web.

Also, as a developer & Linux user, rich text means nothing to me, since I'm usually 
copying & pasting to either a plain text editor, or to an xterm.  I very much do not 
want this.

Seriously, URLs were invented for a reason.  Don't break them.

The security implications alone of removing http:// is sufficient reason why it is a
dumb idea.

Also, why should an unauthenticated HTTPS site look scarier than an unauthenticated 
HTTP site?  At least the former will thwart passive eavesdropping.

how will this impact other uri's? like ftp:// ? and will copying them allow the http 
to be preserved? e.g. click input bar ctrl+a ctrl+c ctrl+v elsewhere results in say 
http://www.google.com instead of just www.google.com? I assume if we type 
http://www.google.com it will just remove http:// once we hit enter but still go to 
the appropriate uri.

Has everyone become illiterate?  This bug has NOTHING to do with removing http.

Wouldn't it be more visually appealing to have the SSL Corporation name right-
justified in the Address Bar? I'm looking at the green rectangle "Bank Of America 
Corp." is in, in "Proxy-icons-2.png"

Pkasting, this has everything to do with removing http.  If you don't think it does, 
please inform the person who merged all the other bug reports into this one.

As for the other folks, I'm fairly certain devs are really, really smart people and 
this will probably be a configurable option in the future.  This is why it's a dev 
build.

better to remove www. than http://

How about making it an choice under options? :) 

If a subset of users are requesting an option for it

Instead of making it a choice in options, how about making it a command line flag? 
and then you don't even have to make a UI for it! :-)
(although I don't know if this would be more difficult)

_Personally_ (the issues I starred all got merged here) I have already had to type 
http:// into notepad++ several times, it is getting annoying and its only one day 
after you removed it! I would get used to the appearance, but I liked it better the 
old way :-)

(I forgot to add that the reason I have had to type http:// into notepad++ is because I 
normally copy and paste from autocomplete not from the URL once the page has loaded, 
which doesn't copy the http:// to plain text)

It's funny that bugs saying "Protocol missing in address box (no http://)" were duped to this 
bug, but this bug is not supposed to be about missing http. lol.

This bug was _never_ about removing http.  There is no good reason why any bugs about 
that were duped to this one.  Since people cannot seem to understand that however many 
times one says it, this bug is now closed, and I've taken the work we're doing on it 
elsewhere.

Congratulations for wasting the time of a lot of Chrome engineers.