On Mon, 11 Dec 2017, Ryan Sleevi via dev-security-policy wrote:
I suppose this is both a question for policy and for Mozilla - given the ability to provide accurate-but-misleading information in EV certificates, and the effect it has on the URL bar (the lone trusted space for security information), has any consideration been given to removing or deprecating EV certificates?
Fix the EV GUI not to hide the hostname part of the URL, and retain the display of the company name. Unless you are going to invent a new namespace, there isn't anything to gain by removing EV. It's still better than not having EV, even if it is a second race to the bottom after the DV race. Paul _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy