> > Finally, what have you actually done to address EV revocation? You clearly > didn't bother to tell Commonwealth Bank: > > https://www.commbank.com.au/ > > One of the largest banks in Australia that their EV status would evaporate > in Chrome. So what did you do to inform your customers about this?
As Jacob Bohm has said in his reply, Google's proposal to remove EV status for Symantec certificates has *nothing* to do with this report. Furthermore, the issue you have brought up with Commonwealth Bank has *nothing* to do with *either* of the two separate issues Symantec is currently dealing with. It also has nothing to do with Commbank.com.au being "hacked," as you have written on your website <https://blog.aractus.com/the-commonwealth-bank-loses-its-green-bar/>. It is simply a bug, related to an OID included in the certificate. This has been documented by Chrome <https://bugs.chromium.org/p/chromium/issues/detail?id=705285>. You can test this by visiting https://www.commbank.com.au/ in Chrome Canary, which has fixed the bug, and returned the green address bar to the site. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy