Issue metadata
Sign in to add a comment
|
EV sites not labeled "Secure" but non-EV sites are
Reported by
andredem...@gmail.com,
Sep 12 2016
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2853.0 Safari/537.36 Steps to reproduce the problem: 1. Visit https://github.com/ (uses EV cert.) 2. Visit https://about.gitlab.com/ (uses non-EV cert.) 3. Compare the security indicators of the two sites. What is the expected behavior? Sites with extended validation (EV) certificates should appear to be at least as secure as sites using standard DV or OV certificates. What went wrong? Version 55 adds the text "Secure" beside the lock icon for TLS-enabled sites, in the same place where the organization name is displayed for EV sites. This deprives EV sites of the "Secure" reinforcement given to other sites. Did this work before? Yes <55 Chrome version: 55.0.2853.0 Channel: dev OS Version: 6.3 Flash Version: Shockwave Flash 23.0 r0 Perhaps the long-term plan is to remove the "Secure" label when non-TLS sites are labeled as insecure, but in the meantime, EV sites should look as secure as non-EV sites. "Secure | GitHub, Inc. [US] | https://github.com"
,
Sep 13 2016
Thank you for the feedback. This is our intended design for now. There isn't enough room to put both the organization name and "secure" for EV.
,
Sep 13 2016
Also note that clicking on the organization name will show "Secure connection" at the top of the bubble.
,
Nov 24 2016
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Sep 13 2016Owner: f...@chromium.org
Status: Untriaged (was: Unconfirmed)