On Mon, Aug 17, 2015 at 10:27 AM, Richard Barnes <
rba...@mozilla.com>
wrote:
>
>
> wrote:
>
>> On Sun, Aug 16, 2015 at 5:35 AM, Hallvord Reiar Michaelsen Steen
>> <
hst...@mozilla.com> wrote:
>> > On Thu, Aug 13, 2015 at 6:09 PM, Richard Barnes <
rba...@mozilla.com>
>> wrote:
>> >
>> >> We (the security and UX teams) have been trying to get rid of the
>> globe in
>> >> favor of indicators that more explicitly indicate that the connection
>> was
>> >> not secure. We can't yet do that in the URL bar, but it seems like we
So I did my research, and it turns out that failed HTTP requests just
result in the globe icon. To be consistent with that, we would just show
the lock, or maybe a gray lock instead of green. I've updated the patch on
the bug to:
- Show a warning triangle for HTTPS we refuse to connect to
- Show a red square for the status when we can't connect (e.g., due to a
security or network failure)
That way we have two clear states for HTTPS (ok, weak, failure) and three
clear states for HTTP (nonsecure and failure), and any case where we fail
to connect is a red square. Obviously, you can distinguish between "red
square - failed to connect" and "red square - HTTP error" by the presence
of the HTTP error code.
This seems like a pretty clear iconography to me. In fact, much clearer
than what we have now, where there's no indication of failure when you fail
to connect to an HTTPS site.
--Richard