User:Sardisson/EV

From Camino Wiki
Jump to navigation Jump to search

Now that Safari 3.2 has joined the parade of “coloured-lights security theatre,” it seems likely that soon we will need to follow suit.

Existing Usages

  • Safari implements EV by showing the EV certholder name in green adjacent to the lock icon in the titlebar (and by showing the cert chain in the cert info sheet/window) [1]
  • Firefox of course takes over the left half of the location bar with a massive green button containing the EV certholder name (clicking on which brings up a faux-HUD panel with the domain, certholder name and address, and CA, and a graphic) [2]
    Firefox also removed the use of the yellow location bar to denote SSL connection
  • WinIE turns the entire location bar green, and takes over the bulk of the right half of the location bar with a button that alternates(!) between the EV certholder name and the CA name (which have vastly different lengths). Hovering the button displays additional details; clicking on the additional details displays even more details. [3]

Specification-dictated Requirements

  • CABforum guidelines do not set forth any sort of UI spec for browser vendors (there are, however, some clauses relating to indemnification for showing an expired or invalid cert, or failing to show a valid cert)
  • Guidelines merely mention that [4]:
    "Subject Organization information from Valid EV Certificates may be displayed in a special manner by certain relying-party software applications (e.g., browser software) in order to provide users with a trustworthy confirmation of the identity of the entity that controls the website they are accessing."

Analysis of Existing Usages

  • Firefox and IE have very heavy, invasive UI
    • Firefox's UI makes everything in the location bar a moving target, breaking muscle memory
  • Safari's UI may not be prominent enough (though it also does not suit Camino, as our security UI does not live out-of-the-way in the titlebar)
  • Our UI should be useful without getting in the way, minimally intrusive while still visually indicating the presence of an EV cert. Ideally our UI:
    • Won't take over large and variable amounts of space in the location bar
    • Won't break muscle memory/cause UI elements to move about depending on the absence or presence of an EV cert
    • Won't require us to start hacking the titlebar
    • Won't slavishly copy other browsers
    • Won't depend on users understanding one or more color choices, in the location bar or elsewhere

Proposals

  • Sam and Jasper once proposed a sort of "well" to the right of the location bar at one point to hold the lock icon, feed icon, and something else (cookies?); we could expand upon this idea.
  • Attach to the location bar a well (or other UI holder) that contains a green checkmark when visiting a site with EV; hovering shows a tooltip with certholder name and CA. Clicking brings up the existing cert window (with new EV features) or an improved Page Info panel.
    Note: if EV has to rely on users comparing the site url/site name to the certholder name, EV is broken. If EV does not prevent issuing certs in homograph cases, EV is broken and useless (see prior point; users aren't going to read/compare). Users rely on browser vendors to ensure them that the site they think is PayPal really is PayPal.
  • Add the certholder name and CA to the context menu of the lock and/or the green checkmark.
  • If we must show the certholder name, perhaps we could attach a panel-like object to the bottom of the location bar during/after pageload, which will fade away n seconds after the tab has finished loading and the tab has been focused. Clicking on the checkmark could show the panel again (or show the more detailed information)
  • A floating, green, button-like widget that was sized in proportion to the certholder. This would be similar to the feed icon but obviously larger. In it, we'd put either a checkmark or a lock icon either on the right or left (not sure which is better). Keeping the location bar background yellow is optional, though preferred by me. Something like this (not to scale; 1 is favicon, 2 is feed icon):
 __________________________________________________________________________
| ____                                     ____   ________________________ |
||    |                                   |    | |                      _ ||
|| 1  | http:// site here                 | 2  | | certholder, company |_|||
||____|                                   |____| |________________________||
|__________________________________________________________________________|