There is no difference between weakly verified certificates and stronger (for sure, there are still some lacks possible, no one is perfect) validated certificates. As your browser tries to focus on security and especially on the users, help them to get a piece of trust in the internet again. So showing weak certificates in e.g. yellow (meanwhile self-signed ones are red) would be helpful, and to differentiate EV as green. I believe anyone knows the signals on the road and can distinguish red, green, yellow, and if stating the additional information in the dialogue or address bar, everyone will be comfortable with it. Or (alternative) show the lock for encryption and the well-known and established checkmark for validation (e.g. referring to Facebook, Twitter and coming WhatsApp verified identities).
@heutger do you think this is really necessary considering Google is going to or already has begun blocking sites from being accessed unless they have an HTTPS connection, and it’s likely that other browsers will follow suit for similar security concerns?
Sure. Google is stupid, HTTPS is more than encryption. HTTPS in the beginning, from the inventor of SSL, had the idea to show a certificate not only to encrypt traffic (otherwise certs would not have been required at all and a handshake would be enough) but also to verify identity, as the internet is anonymous. Trust is a big issue online and EV certificates are one solution to establish trust. Google’s plans are for sure, they want to tell us who is trustful… However, it’s not how the world works. The world has passports, the world has TUVs, the world has BBB etc. as there is always the need of an independent third party to verify, validate and provide a trust anchor.
I think another user is suggesting the same thing in Design + some functionality.
Somehow similar, correct
Similar but not quite.
It sounds like @heutger wants to be informed as to how secure the connection is. Is that correct?
Yes, more like how reliable is the connection (how valid is the information of the server I’m connected to), e.g. Google is doing a worse job here. Showing “secure” for only encrypted may mislead normal users to expect that this connection is secure and it’s safe to give credentials, credit card details or something similar. So there may be phishing sites, they are the best victim for. I hope that your browser tries to establish more security and won’t want to mislead users, so I would be happy with an indicator of identity validation level done. Looking at Safari, in the dialogue it’s then also shown that company x validates that company y has proved its identity.