> (The assurances on the relationship are similar to what we > have with non-EV certificates due to the race to the bottom.)
Not true. EV certificates offer almost nothing and in fact the added checks are worth less than the non-EV domain ownership check (never heard of a dodgy accountant) and are really a way to make companies worried about browser messages cough up money to the CAs, though there are other major issues with SSL. I could be wrong as I don't have an account but I believe the Google user account may be more verifiable than the additional non-EV checks as it is directly tied to a payment that can't be cash, though possibly a fraudulent payment or the account hijacked etc.. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________ -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
