Author Topic: Yellow padlock is losing its trusted status :(  (Read 49408 times)

Offline OmeletGuy

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2914
  • Dragon Theme Maker
Re: Yellow padlock is losing its trusted status :(
« Reply #15 on: July 06, 2009, 01:49:06 AM »
Greetings all,

Since this thread is about Yellow Padlock I'm posting here, but please move it if you find that another place is more appropriate.

It is just I never saw this combination before at Comodo forum site

where “Certified & Authentic” is actually “unauthenticated” and “does not provide ownership”

...which means …  ???

Cheers!

That means that there is a link to a outside source of data. (a example would be my signature, it will trigger that Alarm/result).
System Details: W8.1-64bit | 16GB DDR3 | Intel Core I7-4710MQ[at]2.5Ghz to 3.5Ghz | CIS 8.2 | Geforce 840M

Offline SiberLynx

  • Comodo's Hero
  • *****
  • Posts: 2194
Re: Yellow padlock is losing its trusted status :(
« Reply #16 on: July 06, 2009, 01:54:13 AM »
That means that there is a link to a outside source of data. (a example would be my signature, it will trigger that Alarm/result).
Thanks for quick reply, OmeletGuy.

I see  :-TU

... and... indeed! your signature must trigger the Alarm!  ;D

Cheers!
Main OS - Ubuntu
XP Pro, SP3 (32bit), Admin; Comodo Firewall 3.14.130099.587; Proactive with Defense+; Emsisoft Anti-Malware v9; Sandboxie
Win 7 x64, Admin (UAC off); Win7 advanced FW +TinyWall; Emsisoft Anti-Malware v9; Sandboxie
Win 7 Ultimate 32bit (UAC off); Emsisoft Internet Security v9 beta

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14647
    • Video Blog
Re: Yellow padlock is losing its trusted status :(
« Reply #17 on: July 15, 2009, 09:24:21 AM »
Congratulations Comodo forum for your new green padlock. :)

thanks for noticing...

now you can see our forum and trust what you see with https://forums.comodo.com  Comodo Forums are now EV protected! :)

Melih

Toggie

  • Guest
Re: Yellow padlock is losing its trusted status :(
« Reply #18 on: July 15, 2009, 09:51:06 AM »
It's much better than the insignificant padlock, but to be honest I get green, blue and other colours in the address bar I still think something better is needed than colour coding. The only reason I now it's a safe site is because I have code is my userChrome.css to show me.


Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24579
Re: Yellow padlock is losing its trusted status :(
« Reply #19 on: July 15, 2009, 01:17:57 PM »
What is the blue padlock for? What type of validation? I don't remember having seen it before.

Offline Bad Frogger

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1511
Re: Yellow padlock is losing its trusted status :(
« Reply #20 on: July 15, 2009, 02:20:36 PM »
Hi Eric,

"What is the blue padlock for? What type of validation?"

In Firefox 3.5 address bar -

Grey = Not encrypted or only partially encrypted content on page.
Blue = DV type cert, encrypted content, site ID not ensured.
Green = EV cert, encrypted content and ensured ownership ID.

So, Comodo now has EV cert on Forum. Shows Green on any page without external links.
But like as noted above this particular page shows only Grey in address bar, and Red exclamation on Padlock icon. Because of the link to imageshack or someones sig.
Firefox can't display Green due to page containing this unauthenticated content.

Now if I could get my bank to go Green/EV. Thank Gawd Comodo for VEngine.

Later
Bad
CIS    Firefox  NoScript  Please remember to follow The Forum Policy.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24579
Re: Yellow padlock is losing its trusted status :(
« Reply #21 on: July 15, 2009, 02:31:34 PM »
Thx for filling me in on the blue padlock. I am using Opera, may be that explains I have never seen a blue one? Does anybody know?

Offline SSL Guru

  • Comodo's Hero
  • *****
  • Posts: 320
  • Retired Comodo Global Support Manager
    • Dağcılar Sitesi
Re: Yellow padlock is losing its trusted status :(
« Reply #22 on: July 19, 2009, 08:34:58 AM »
Hi,

Having read this topic it still seems that a lot of people don't know what the padlock
or colours the browser put up actually mean.

Is anything being done by browser providers to highlight to 'joe public', in simple terms, what they
see when browsing secure pages?

ie, maybe a balloon that opens up on secure pages over the padlock or colour bar and asks the
user 'know what this is?' or 'tell me more about this'.
An option that can be activated or de-activated by the user.

The visible indications of security are all well and good, but not if the person browsing doesn't understand
what they are seeing.

So, my point is 'user education'.......anything in the pipeline to educate the user?
That is without them having to install yet more add-ons.

Garry
“You have to be odd to be number one”
Dr. Seuss

Offline thammu

  • Newbie
  • *
  • Posts: 1
Re: Yellow padlock is losing its trusted status :(
« Reply #23 on: July 23, 2009, 12:36:58 AM »
Its News to me. Thanks for the info.

Offline Katharine

  • Comodo Member
  • **
  • Posts: 42
Re: Yellow padlock is losing its trusted status :(
« Reply #24 on: July 23, 2009, 11:55:40 AM »
I'm pretty sure that when I get to an encrypted page my browser offers me a tiny "what does this mean?" popup.  But at that point I am so focused on completing my encrypted session that I swat it down.  Next time I see one I'll actually read it and report back.

Offline SS26

  • Comodo's Hero
  • *****
  • Posts: 1925
Re: Yellow padlock is losing its trusted status :(
« Reply #25 on: August 13, 2009, 10:34:30 AM »
Melih, thank you for education.
btw, i think "SSL losing its trust" is rather provocative title :)  - the first time i read i thought it is about encryption breach in SSL/TLS.

------------------------------------------------
In Firefox 3.5 address bar -

Grey = Not encrypted or only partially encrypted content on page.
Blue = DV type cert, encrypted content, site ID not ensured.
Green = EV cert, encrypted content and ensured ownership ID.
thanks for this info
« Last Edit: August 13, 2009, 10:38:03 AM by SS26 »

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14647
    • Video Blog
Re: Yellow padlock is losing its trusted status :(
« Reply #26 on: August 13, 2009, 11:44:51 AM »
Melih, thank you for education.
btw, i think "SSL losing its trust" is rather provocative title :)  - the first time i read i thought it is about encryption breach in SSL/TLS.

------------------------------------------------thanks for this info

Well, encryption without authentication is useless. Encryption is about allowing only the intendent receipient to read the message. If you don't know who the recipient is then you could be encrypting it for the fraudster and you wouldn't know...so without authentication encryption becomes useless.

Melih

Offline Endymion

  • Comodo's Hero
  • *****
  • Posts: 1360
  • Reality is subordinate to perception.
    • Faces -The Madman (Kahlil Gibran, 1918)
Re: Yellow padlock is losing its trusted status :(
« Reply #27 on: August 13, 2009, 12:27:39 PM »
I guess there is no browser which natively distinguish OV-SSL from DV-SSL certs.


Even firefox show the same blue bar of DV ssl certs for https://www.microsoft.com/ whose cert ought to be an OV one as Organizational info about Microsoft is included in the certificate details thus allowing users to confirm the identity of the recipient ???

[attachment deleted by admin]
« Last Edit: August 13, 2009, 12:50:50 PM by Endymion »
I have learnt silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet strange, I am ungrateful to these teachers.
Kahlil Gibran (1883 - 1931)

Offline SS26

  • Comodo's Hero
  • *****
  • Posts: 1925
Re: Yellow padlock is losing its trusted status :(
« Reply #28 on: August 15, 2009, 04:14:41 PM »
Well, encryption without authentication is useless. Encryption is about allowing only the intendent receipient to read the message. If you don't know who the recipient is then you could be encrypting it for the fraudster and you wouldn't know...so without authentication encryption becomes useless.

Melih
You provided a link to real-world example (in some of your earlier messages). Here is that link. I think the example could help understand case better (hence i repeated your link here) :)

Offline DerekS

  • Newbie
  • *
  • Posts: 3
Re: Yellow padlock is losing its trusted status :(
« Reply #29 on: November 24, 2009, 06:13:52 PM »
To illustrate the point:
https://www.e-abbey.com/bankhome/

However, at the other end of that link is not Abbey Bank, despite what it looks like  :o

Earlier is was https://www.clydesdalebplc.com/en-gb/, but not Clydesdale bank.

Before that ...

Yes, a serious problem. While we are still trying to teach the ordinary user to at least look for a padlock, the rules have changed even before they learnt the lesson.

Why does the phrase consumer confusion jump to mind?

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek