On Apr 24, 2012, at 8:51 AM, beltzner wrote:
> Nothing in the bug or security review indicates that any discussion was had about the risks of re-introducing the padlock in terms of giving users a false sense of security for devalued domain and organization validated certificates. As such, I'm not sure what rationale -- aside from the desire to remove the redundant padlock and the need to replace it with something -- led to the change. I was hoping that someone could explain that a little bit, so that if a debate is had about the merit of the change we're all acting under the same context.
I'd love this explanation as I'll have to recreate it in our documentation.
On Apr 24, 2012, at 12:47 PM, alex_mayorga wrote:
> I believe the padlock was reintroduced on the assumption that the icon being "chrome" now it is not possible to easily spoof it using a favicon (something we lost when the status bar was removed).
Again, I'd love to get some insight into that discussion. It seems to me that a padlock favicon in the tab may not be all that distinguishable for some people from a padlock in the identity block.