Show current connection security via the padlock
As useful as it is to look at the certificate in use, I wonder if it would be better to replace the link to open the cert, or add a link to reveal the current security info of the site you are on, where the cert can also be opened.
Currently there is no convenient way for regular users to see this important info, which I would argue is more important that just seeing the cert.
To access it you must open the dev tools and go to the security tab.
I would also consider displaying the current cipher under the link to open the cert , like this
I feel like that would require reimplementing the whole panel, as the current one seems to be just taken out of Chromium (and implemented with a different programming language).
There is also the question of usefulness - how many people would care about this? Pretty sure more people care about whether the connection is insecure or mixed, not what cipher it uses.
I think this feature would be more suitable for an extension.
Things like this are no longer possible as an extension, which is why HTTPS Everywhere lost a bunch of the security features it used to add.
An extension would also run a whole new instance of the browser, which is totally overkill for such a feature.
As for usefulness I remember people saying similar things about showing any form of HTTPS or cert info at all, due to worry that users won't understand.
Users lack understanding because they are kept in the dark all the time. This is the big difference between the old Amiga world and the Windows world.
On the Amiga OS you get lots of visual feedback and so learn passively what the normal operation to expect is.
When the feedback differs from normal or shows something unusual, you do not need to be an expert to realise something is amiss and needs to be checked.
Lets say you land on a site and see the message in the browser that the encryption has been downgraded. What does this mean ?
Downgraded from what to what, and where does the user see that this is normal or abnormal behaviour for the site in question ?
Unless a user tests the site they do not know what cyphers should normally be in use on a site they frequent.
Just having a small amount of visual feedback somewhere obvious is enough to teach people to pay attention.
It can help all of us spot if something has been compromised in the browser or site.