Web user agents MUST make information about the state of TLS protection available. The [defn TLS indicator] SHOULD be part of primary user interface during usage modes which entail the presence of signalling to the user beyond only presenting page content. Otherwise, it MUST at least be available through secondary user interface. Note that there may be usage modes during which this requirement does not apply: For example, a Web browser which is interactively switched into a no-chrome, full-screen presentation mode need not preserve any security indicators in primary user interface. User interactions to access the TLS indicator MUST be consistent across all Web interactions. This includes when TLS has not been used to protect those interactions. In this case, web user agents SHOULD indicate the interaction was not TLS protected. User agents with a visual user interface that make the TLS indicator available in primary user interface SHOULD do so in a consistent visual position.
variant 2) The TLS indicator SHOULD have exactly two states. One state SHOULD indicate that the web page that the user interacts with currently is a Strongly TLS protected page. The other state SHOULD indicate that the connection is not Strongly TLS protected. The indicator MAY have an additional state to indicate that the connection is protected with an AA certificate.
variant 3) The TLS indicator MUST present a state that is only for strongly TLS protected pages. The TLS indicator SHOULD differentiate between a page that is weakly TLS-protected, and one that has no TLS protection at all.
variant 4) The TLS indicator MUST have exactly two states. One state MUST indicate that the web page that the user interacts with currently is a Strongly TLS protected page. The other state MUST indicate that the connection is not Strongly TLS protected.