SSLPersonas

Bruce Morton

 

SSLPersonas is a Firefox extension that adds a little color to your secure browsing experience. When browsing an SSL protected web-site, the extension provides in-your-face visual feedback regarding the security of the site via a theme in the Firefox chrome at the top and bottom of the browser interface. The themes are as follows:

  • Green indicates that you are on a website secured by an EV SSL certificate.

    Green theme (click to enlarge)

  • Blue indicates that you are on a website secured by a valid non-EV SSL certificate issued by a certification authority trusted by your browser.
  • Orange indicates that the website you are on is only partially secure, probably due to mixed content (secure and unsecure). These websites are vulnerable to mixed content attacks such as session hi-jacking.

I was also looking for enhanced indications for SSL certificates are expired or have been revoked, but it appears that the developer is satisfied with the user interface that Firefox natively provides.

This extension may be useful to unsophisticated users (e.g., your Mom) that you want to keep safe. Just tell her to only put in her personal information when the themes are green or blue. If the theme is orange, then it is best if Mom not use that site.

Bruce Morton
Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.

0 Comments

Add to the Conversation