Firefox Nightly (or if you prefer, Firefox’s Developer Edition) just got a pretty interesting new feature, called the Security Panel.
Just 2 weeks ago, Jerod Santo blogged about browsers having a “security tab”, with an overview of the most common security best practices and checks. Craig Francis made an interactive demo to show it of.
The idea of a “security panel” appeared to be proposed by Joel Weinberger first and led to some discussion with Chris Palmer, after which Craig Francis made a first version of the panel.
And now, Firefox version 37 ships with a security panel.
The Network Monitor is the home of our other new tool, the security panel. Selecting a request in the network panel now displays a security panel in the request inspector. The panel reveals a list of information about the request’s connection, host, as well as the certificate used.
The security panel can help debug issues related to SSL protocol versions […] and can help ensure that sufficiently strong security measures are implemented.
Someone got what they wanted.
The Security Panel doesn’t show a lot just yet, but I like where this is heading. So far, we’ve got:
- SSL/TLS protocol and cipher suite used
- Certificate info (pretty useful summary)
- HTTP Strict Transport Security info
Jerod’s example went a lot further. It showed the Content Security Policy, Cross Site Request Forgeries, Cross Site Scripting, Frame Injection, …
What’s in Firefox right now is, I hope, just the start. Right now, the panel in itself isn’t all that useful. It’s information that you can gather from the browser already, just hidden in many different places.
Here’s what I’m hoping: that the security panel isn’t just a quick response to the request of more security features, but a real commitment. I’m curious how they plan on keeping it up-to-date. Even with the rapid Firefox releases, the security world is moving at a very fast pace. Today’s safe SSL configs are tomorrow’s POODLE.
Can browsers keep up? Will this give users a false sense of security, if that panel were to show all OK’s? Rumour has it, Chrome is working on a similar feature. What’ll they do different?