Meet Larry, Firefox's friendly passport officer

I recently spoke with Johnathan Nightingale, Mozilla's "Human Shield," the man who designed the security interface within Firefox 3. One of the big changes is how Firefox communicates the authenticity of a given site. Located on the left hand side of the address bar is a tiny icon associated with the site. Sites using Extended Verification Secure Socket Layers (EV SSL) go an additional step.

Nightingale explains: "If you go to PayPal.com, for instance, that will expand out and it'll say PayPal Inc USA because PayPal is a site that presents this enhanced identity information and so, because they're presenting it to the browser we can present it our users and if you click that button and you get a bunch of more information. You get this little site identity pop up basically. It'll tell you that this PayPal Inc is located in such and such a place in the United States, and there's even a 'more information' button that'll talk about your history with that site; how many times have you visited it before; all in an effort to help you understand whether this is the site you think it is and what the state of your relationship with that site is.

"Now, as for how Larry figures into all of that--the icon we chose to communicate this identity checking is a passport officer. When you click this icon, which is available on any Web site, whether it has completely verified identity information or no information at all, you can always click the button and find out more about the Web sites that you're interacting with. You'll always see the little passport officer to indicate that we're checking identity credentials right; we're looking into the site; we're trying to verify the information so we can present it to you so that you can make an informed decision about the sites that you're interacting with.

"A lot of sites these days aren't providing any identity information and that's okay. If you don't need to trust them, if you don't need to exchange any confidential information with them, then maybe you don't care if they're identifying themselves. But sites like banks or even government sites for that matter, we're hoping that as more and more of them deploy this extended identity information our users will have a much better sense of who they're interacting with and will develop a confidence that they're on the site they appear to be on."

So how did Larry get his name?

"I was doing the initial designs we had this passport guy in there and I was trying to find a way to introduce him to people and to talk about him and stuff. It gets sort of cumbersome to keep talking about the AIGA public domain icons or passport officer. He just seemed like a friendly guy to me and Larry seemed like a friendly name. I mean he's approachable, he's there to watch out for you, so it just made sense. It's not named after anyone in particular, although if there's Larry out there that wants to claim the title they're welcome to do so."

My entire interview with Johnathan Nightingale can be heard here.