Follow-up to Get a fantastic web browser, and set a Guinness World Record from The randomness of tomorrow, today!
Writing about web page http://www.spreadfirefox.com/en-US/worldrecord/
Firefox 3 really builds on the archaic padlock; the little icon that shows the connection is encrypted. In Firefox 2, it is located at the right of the address bar and looks like this:
All this tells you is that the connection is encrypted; it doesn't tell you who's at the other end. You can be sure that the data probably won't be intercepted, but you can't be sure it's going to who you think it is.
Firefox 3, however, not only supports the more recent certificates that can prove the identity, but it also presents them in a much more user-friendly manner.
Unencrypted websites look like this:
A grey background to the favicon area, and a popup when you click on it that informs you my website is unencrypted.
If the website is using the older type of certificate, the ones without identity information, you see this:
A blue background, and a popup that tells you the connection is encypted but that Firefox doesn't know who's in control.
Finaly, the new certificates look like this:
A green background, and a popup that can tell you who's on the other end. Plus, it also put the identity in the favicon area. so isn't as obvious
A secondary advantage of this is that fake sites that try to trick you with padlock favicons shouldn't work, because they can't change the background and FF3 doesn't use padlocks.
This is much more useful than just a padlock, especially since you might think the padlock meant "safe", when all it really meant was "encrypted"; it didn't protect you against fake sites with encryption.
Opera has a similar system; is displays the ID, but since it doesn't use colours it isn't quite as obvious what level you're at. It also doesn't appear to have quite as readable an explanation as Firefox.
Apparently Firefox 3 also has a warning that uses the guy on a yellow background for invalid certificates, and the guy on a red background for reported phishing sites... but I don't know any URLs that will trigger them for a screenshot. There are more details, and screenshots of these other two, at this blog entry.