Yellow padlock is losing its trusted status :(

[Guest]

[OmeletGuy]

Greetings all,

Since this thread is about Yellow Padlock I'm posting here, but please move it if you find that another place is more appropriate.

It is just I never saw this combination before at Comodo forum site

where “Certified & Authentic” is actually “unauthenticated” and “does not provide ownership”

...which means … 

Cheers!

That means that there is a link to a outside source of data. (a example would be my signature, it will trigger that Alarm/result).

[SiberLynx]

That means that there is a link to a outside source of data. (a example would be my signature, it will trigger that Alarm/result).

Thanks for quick reply, OmeletGuy.

I see 

... and... indeed! your signature must trigger the Alarm! 

Cheers!

[Melih]

Congratulations Comodo forum for your new green padlock.

thanks for noticing...

now you can see our forum and trust what you see with https://forums.comodo.com  Comodo Forums are now EV protected!

Melih

[Toggie]

It's much better than the insignificant padlock, but to be honest I get green, blue and other colours in the address bar I still think something better is needed than colour coding. The only reason I now it's a safe site is because I have code is my userChrome.css to show me.

[EricJH]

What is the blue padlock for? What type of validation? I don't remember having seen it before.

[Bad Frogger]

Hi Eric,

"What is the blue padlock for? What type of validation?"

In Firefox 3.5 address bar -

Grey = Not encrypted or only partially encrypted content on page.
Blue = DV type cert, encrypted content, site ID not ensured.
Green = EV cert, encrypted content and ensured ownership ID.

So, Comodo now has EV cert on Forum. Shows Green on any page without external links.
But like as noted above this particular page shows only Grey in address bar, and Red exclamation on Padlock icon. Because of the link to imageshack or someones sig.
Firefox can't display Green due to page containing this unauthenticated content.

Now if I could get my bank to go Green/EV. Thank Gawd Comodo for VEngine.

Later
Bad

[EricJH]

Thx for filling me in on the blue padlock. I am using Opera, may be that explains I have never seen a blue one? Does anybody know?

[SSL Guru]

Hi,

Having read this topic it still seems that a lot of people don't know what the padlock
or colours the browser put up actually mean.

Is anything being done by browser providers to highlight to 'joe public', in simple terms, what they
see when browsing secure pages?

ie, maybe a balloon that opens up on secure pages over the padlock or colour bar and asks the
user 'know what this is?' or 'tell me more about this'.
An option that can be activated or de-activated by the user.

The visible indications of security are all well and good, but not if the person browsing doesn't understand
what they are seeing.

So, my point is 'user education'.......anything in the pipeline to educate the user?
That is without them having to install yet more add-ons.

Garry

[thammu]

Its News to me. Thanks for the info.

[Katharine]

I'm pretty sure that when I get to an encrypted page my browser offers me a tiny "what does this mean?" popup.  But at that point I am so focused on completing my encrypted session that I swat it down.  Next time I see one I'll actually read it and report back.

[SS26]

Melih, thank you for education.
btw, i think "SSL losing its trust" is rather provocative title  - the first time i read i thought it is about encryption breach in SSL/TLS.

------------------------------------------------

In Firefox 3.5 address bar -

Grey = Not encrypted or only partially encrypted content on page.
Blue = DV type cert, encrypted content, site ID not ensured.
Green = EV cert, encrypted content and ensured ownership ID.

thanks for this info

[Melih]

Melih, thank you for education.
btw, i think "SSL losing its trust" is rather provocative title  - the first time i read i thought it is about encryption breach in SSL/TLS.

------------------------------------------------thanks for this info

Well, encryption without authentication is useless. Encryption is about allowing only the intendent receipient to read the message. If you don't know who the recipient is then you could be encrypting it for the fraudster and you wouldn't know...so without authentication encryption becomes useless.

Melih

[Endymion]

I guess there is no browser which natively distinguish OV-SSL from DV-SSL certs.


Even firefox show the same blue bar of DV ssl certs for https://www.microsoft.com/ whose cert ought to be an OV one as Organizational info about Microsoft is included in the certificate details thus allowing users to confirm the identity of the recipient

[SS26]

Well, encryption without authentication is useless. Encryption is about allowing only the intendent receipient to read the message. If you don't know who the recipient is then you could be encrypting it for the fraudster and you wouldn't know...so without authentication encryption becomes useless.

Melih

You provided a link to real-world example (in some of your earlier messages). Here is that link. I think the example could help understand case better (hence i repeated your link here)

[DerekS]

To illustrate the point:
https://www.e-abbey.com/bankhome/

However, at the other end of that link is not Abbey Bank, despite what it looks like 

Earlier is was https://www.clydesdalebplc.com/en-gb/, but not Clydesdale bank.

Before that ...

Yes, a serious problem. While we are still trying to teach the ordinary user to at least look for a padlock, the rules have changed even before they learnt the lesson.

Why does the phrase consumer confusion jump to mind?

[Tags:]