If you look at the phishing data feeds and correlate them with EV certificates, you'll find out that Tim's "speculation" is right.
In my experience, it's generally a bad idea to disagree with Tim Shirley. -Tim > -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > bounces+tim.hollebeek=digicert....@lists.mozilla.org] On Behalf Of Tim > Shirley via dev-security-policy > Sent: Wednesday, December 13, 2017 3:35 PM > To: r...@sleevi.com > Cc: mozilla-dev-security-pol...@lists.mozilla.org; Gervase Markham > <g...@mozilla.org> > Subject: Re: On the value of EV > > No, I’m not presuming that; that’s why I put the ? after never. I’ve never > heard > of any, so it’s possible it really is never. But I’m pretty confident in at > least the > “rare” part because I’m sure if you knew of any you’d be sharing examples. ;) > > > From: Ryan Sleevi <r...@sleevi.com> > Reply-To: "r...@sleevi.com" <r...@sleevi.com> > Date: Wednesday, December 13, 2017 at 5:03 PM > To: Tim Shirley <tshir...@trustwave.com> > Cc: Gervase Markham <g...@mozilla.org>, "mozilla-dev-security- > pol...@lists.mozilla.org" <mozilla-dev-security-pol...@lists.mozilla.org> > Subject: Re: On the value of EV > > "The very fact that EV certs are rarely (never?) used" is, of course, > unsubstantiated with data. It's a logically flawed argument - you're presuming > that non-existence is proof of non-existence. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://clicktime.symantec.com/a/1/1mqhGL6xJbzNGRpvF0vTa3WSnEAQZQF > 5K8VgNSFvl4s=?d=gqGQYeASiQy2N3lU7K- > sEhOlQFbmNC2fxAOHBYelo4XflHuD2J9CzlFlH1A4n9gPmfRm7PO65FrdOoGfE > G4_NkKF6- > 8MK2zsOPqWmmn1vGp6Vnisxb3aI7shACwoWBG13n7WdXQU7nSrm_tFvcoN > 9O0NKUrlWvavx4iSGiiXzsDv01k8TE8-Yo_fPj- > 3jovLn9wEG58glLeHrORIeDZBuxW2AhHJoW4MJTAlfEcVHypFeL1oqs8zKB9LvE > VIUjqp3uKWLp2zpjq2Kig_eG7zbANgxreRmS4W7SCFZQXf6wwvzxDRQsu0mq- > AEES6RX6E2oLIYUPGOm92xX7muZtDJiATEc4W4zkWK-OgxI-llU1e4nM-gBlD- > MdN6MEdFgK31iyhAmp9nahN24LYmBIOZcmZtNEVVi8xWXSKfZ4HRQ94ZCQx > mxlJBA%3D%3D&u=https%3A%2F%2Flists.mozilla.org%2Flistinfo%2Fdev- > security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
