Welcome to WebmasterWorld Guest from 18.104.22.168
joined:Sept 2, 2017
Just tested one of my Let's Encrypt https pages with an old smartphone from 2011.
Several warnings about the certificate had been shown.
[edited by: Peter_S at 9:06 pm (utc) on Sep 3, 2017]
if people get used to seeing these warnings, they may start ignoring most warnings.Well I don't expect anyone will be ignoring Not Secure right up there in the address bar.
Well I don't expect anyone will be ignoring Not Secure right up there in the address bar.
i usually don't look at the address bar.
assuming for the sake of discussion that people even look at the address bar? Well that's what this entire thread is about.
Our plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria.[blog.chromium.org...]
That would be like crossing a street without looking. Pretty dangerous.
joined:May 3, 2017
As I said, at this point nearly all of the warnings I see are for https sites. Either for non-secure content (bottom of screen) or invalid or expired certificates (popups in center of screen.
I didn't understand your remark. What kind of other warnings are you expecting to see?
P.S. In my opinion, a popup warning in the center of the screen, as happens with invalid or expired certificates, is far more likely to scare away visitors than is a non-secure label in the address bar, which many people won't even notice anywayIndeed. As it should be.
My point is that, in general browsing, I see far more warnings at https aites than at http sites /.../
What kind of other warnings are you expecting to see?Warnings on HTTP sites that say “this site is not secure: anyone could read your cookies”. That's the step that hasn't come yet.
So either people are crying wolf or the end of the world is coming.Remember Y2K? As it developed, it became a no-win situation: either everyone takes the trouble to successfully address all issues in good time--and then people blather about it being an imaginary made-up hypothetical non-problem--or someone somewhere fails to address some issue--and then there is a problem. Either way, you can't win.
Chrome and Firefox are going to require that all certificates issued in October 2017 and onward will have to be logged in CT logs or they won't be trusted.