On Wed, Mar 8, 2017 at 10:14 PM, Richard Wang <rich...@wosign.com> wrote: > Why we setup one EV OID for all roots is that we use the same policy for all > EV SSL certificate no matter it is issued by which root. The policy OID is > unique ID > > If Google use the GlobalSign EV OID, and GlobalSign also use this EV OID, > this means two companies use the same policy? > > It is better to do a test: Google issue a EV SSL certificate from this > acquired root using the GlobalSign EV OID, then check every browser's UI > display info, to check if that info will confuse the browser users.
Richard, I'll make this easier: Go to https://good.sca1a.amazontrust.com/ and https://good.sca0a.amazontrust.com/ in Safari and Microsoft IE/Edge. Tell me which CA issued the certificates for those sites. (Note that we don't send SCTs on those sites right now, so they aren't treated as EV in Chrome, and we are still pending for EV in Mozilla) Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy