[PLUG] Secure Web Pages Without Indicators?
Carlos Konstanski
ckonstanski at pippiandcarlos.com
Fri Aug 3 18:04:01 UTC 2007
On Fri, 3 Aug 2007, Rich Shepard wrote:
> Date: Fri, 3 Aug 2007 09:54:58 -0700 (PDT)
> From: Rich Shepard <rshepard at appl-ecosys.com>
> To: plug at pdxlinux.org
> Subject: [PLUG] Secure Web Pages Without Indicators?
>
> For those of you who administer e-commerce web systems: how is it possible
> for a page to be encrypted with SSL and still display the open lock with red
> slash on the address bar?
>
> I thought that all secured pages changed the background color of the
> address bar to beige/yellow and the icon to a closed lock. But, I've come
> across several sites -- all running on some Microsoft OS and applications --
> that do not provide this security assurance.
>
> Rich
Yahoo mail does something similar too. The URL is http://, but a packet
trace shows gibberish. There is this one header. I wonder if it has
anything to do with the encryption mechanism?
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM
DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND
PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Carlos Konstanski
More information about the PLUG
mailing list