Security/Reviews/IdentityBox

Please use "Edit with form" above to edit this page.

Item Reviewed

New Idenity Box Design
Target
   
     Full Query    
   
ID Summary Priority Status
612253 Need a shortcut key to focus the input line in web console P2 VERIFIED
742419 Implement new identity block design (lighter weight with a generic icon) -- RESOLVED

2 Total; 0 Open (0%); 1 Resolved (50%); 1 Verified (50%);

{{#set:SecReview name=New Idenity Box Design

|SecReview target=

Full Query
ID Summary Priority Status
612253 Need a shortcut key to focus the input line in web console P2 VERIFIED
742419 Implement new identity block design (lighter weight with a generic icon) -- RESOLVED

2 Total; 0 Open (0%); 1 Resolved (50%); 1 Verified (50%);

}}

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • We will remove the favicon from the Firefox address bar and replace it with a generic icon in http and mixed content scenarios. Use a grey lock in https, and a green lock in https+ev. The verified domain will be hidden in https. The verified identity will be visible in https+ev.

What solutions/approaches were considered other than the proposed solution?

  • current state

Why was this solution chosen?

  • to make the state of pages clearer to users

Any security threats already considered in the design and why?

`

Threat Brainstorming

{{#set: SecReview feature goal=* We will remove the favicon from the Firefox address bar and replace it with a generic icon in http and mixed content scenarios. Use a grey lock in https, and a green lock in https+ev. The verified domain will be hidden in https. The verified identity will be visible in https+ev. |SecReview alt solutions=* current state |SecReview solution chosen=* to make the state of pages clearer to users |SecReview threats considered=' |SecReview threat brainstorming=* "Your connection to this website has been encrypted to prevent eavesdropping."

}}

Action Items

Action Item Status Complete
Release Target `
Action Items
<td[DONE] done
Who bug Action By When Completed date

[NEW] new [DONE] Done [MISSED] Miss

UX bug 747093 A blog post about how moving the display of favicon.ico from the area supplying trusted information from the browser, to the tab, protects users. during Beta [DONE] done
jaws bug 747090 Change the icon for mixed content by Beta for FF 14 [DONE] done
jaws bug 747088 Don't include https:// in the mixed content case by FF15, or sooner if possible. [DONE] done
jaws bug 747087 Make the https:// black (to match the domain color) in the https non-ev case by FF15 [DONE] done
jaws bug 747085 Make the https: green in the https ev case by FF15 (not a security requirement) [DONE] done
jaws bug 747083 Make the lock icon darker for the non-ev case by FF15
Full Query
ID Summary Priority Status
747083 Update the identity icons to have a darker lock icon for HTTPS and greener lock icon for HTTPS+EV. -- RESOLVED
747085 Make the https:// green in the https ev case -- RESOLVED
747087 Make the https:// black (to match the domain color) in the https non-ev case -- RESOLVED
747088 Don't include https:// in the location bar in the mixed content case -- RESOLVED
747090 Change the icon for mixed content -- RESOLVED
747093 Favicon blog post -- RESOLVED

6 Total; 0 Open (0%); 6 Resolved (100%); 0 Verified (0%);

{{#set:|SecReview action item status=Complete

|Feature version=`

|SecReview action items=

<td[DONE] done
Who bug Action By When Completed date

[NEW] new [DONE] Done [MISSED] Miss

UX bug 747093 A blog post about how moving the display of favicon.ico from the area supplying trusted information from the browser, to the tab, protects users. during Beta [DONE] done
jaws bug 747090 Change the icon for mixed content by Beta for FF 14 [DONE] done
jaws bug 747088 Don't include https:// in the mixed content case by FF15, or sooner if possible. [DONE] done
jaws bug 747087 Make the https:// black (to match the domain color) in the https non-ev case by FF15 [DONE] done
jaws bug 747085 Make the https: green in the https ev case by FF15 (not a security requirement) [DONE] done
jaws bug 747083 Make the lock icon darker for the non-ev case by FF15
Full Query
ID Summary Priority Status
747083 Update the identity icons to have a darker lock icon for HTTPS and greener lock icon for HTTPS+EV. -- RESOLVED
747085 Make the https:// green in the https ev case -- RESOLVED
747087 Make the https:// black (to match the domain color) in the https non-ev case -- RESOLVED
747088 Don't include https:// in the location bar in the mixed content case -- RESOLVED
747090 Change the icon for mixed content -- RESOLVED
747093 Favicon blog post -- RESOLVED

6 Total; 0 Open (0%); 6 Resolved (100%); 0 Verified (0%);

}}