…also, domain is <sub-thing>-<main-thing>, whereas the path is <main-thing>-<sub-thing>
-
-
Replying to @jaffathecake
…have a think about how you'd tell a non-technical user how they know https://www.halifax.co.uk/gsa/search.asp?q=credit+cards&site=Halifax_PSR_Personal&filter=p&client=halifax_psr&proxystylesheet=halifax_psr&ie=UTF-8&ulang=&access=p&sort=date:D:L:d1&entqr=3&entqrm=0&wc=200&wc_mc=1&oe=UTF-8&ud=1&start=60 … is their bank.
4 replies 0 retweets 2 likes -
-
Replying to @tommorris
yeah. Shame it comes to that. Lots of $$$ for those.
1 reply 0 retweets 0 likes -
Replying to @jaffathecake
A bank should hopefully be able to afford an EV cert.
1 reply 0 retweets 0 likes -
Replying to @tommorris
sure, I used a bank as an example, but was talking more generally about web security.
1 reply 0 retweets 0 likes -
Replying to @jaffathecake @tommorris
UX issue. Domain plus lock should work. Domain long term when insecure is gone. Anything else is distraction.
1 reply 0 retweets 1 like -
I also really hope EV goes away. Deciding based on Name plus Jurisdiction plus Domain is harder than just Domain.
1 reply 0 retweets 1 like -
User also has to remember site uses EV. So many variables. Now if EV was some global dotless name scheme…
1 reply 0 retweets 2 likes -
: EV is a scam.
/cc @annevk @tommorris
-
-
yep. Maybe we should just display a chip that's the bit before the TLD + the TLD. Eg [ github.io ]
4 replies 0 retweets 0 likes -
coupled with public suffix. And the lock for as long as non-HTTPS exists. Only Safari does this…
1 reply 0 retweets 0 likes - 10 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.