We still know it, right?
But why remove it? Well, I’m hearing that it’s because nobody was looking at it! Or because it doesn’t mean that the site is secure just because it’s https!
Well, let’s start from the back… It’s rubbish! If one says that an EV certificate (yes, only EVs had the green address bar) is not proof of trust, one might as well say that Bill Gates had no more money than a homeless person!
The attention… I would have done it so that all certificate types become their own colour… Like so:
- Free certs (Let’s Encrypt, ZeroSSL, Google Trust Services, CloudFlare etc) = Leave the current symbol
- Payed certs (Digicert, Sectigo, GeoTrust etc) = Would be filled out
-
- DV = Light grey (much lighter than the current lock symbol)
-
- OV = Orange
-
- EV = Take again
green(without the banner)
- EV = Take again
The thing is, since one removed the green lock, or rather, since the locks have no colour(s) (anymore), nobody pays any attention to them anymore! And what does that mean? Exactly! Certificates have even less value than before!
This means that not only do CAs suffer, but so do their resellers!
Therefore the final question: Would it be possible to induct said colours?
Should this really be inducted again, one should place notices somewhere that inform everyone about it (so that the whole thing does not simply happen again)