I don’t see how you can argue that the EV “seatbelt” breaks 100% of the time.
I know my bank uses an EV cert. Any time I come across a site claiming to be
my bank but lacking an EV cert, and my browser shows me that distinction, is a
time when the seatbelt saves me, through that extra signal that alerts me that
something isn’t right. If that goes away, there is unequivocally going to be a
non-zero number of people who will be phished who would not have been phished
with the UI present.
If the only choices are to remove the UI or not, then the question to resolve,
I’d think, is: are more people being phished today because the UI is there,
relative to the number who would be phished in a tomorrow where it is not?
Only then would it make sense to remove it. Of course there are a lot of
variables to unpack to figure that out, but it’s not the black and white
decision you paint here; removing it WILL be hostile to some number of users.
On 12/15/17, 4:08 PM, "dev-security-policy on behalf of Ryan Sleevi via
dev-security-policy"
<dev-security-policy-bounces+tshirley=trustwave....@lists.mozilla.org on behalf
of dev-security-policy@lists.mozilla.org> wrote:
>
>Some might define user-hostile as, for example, a reduction of
>functionality without suitable replacement in sight.
>
Except it's not a reduction of functionality, no more than removing a
seatbelt that breaks 100% of the time in car accidents is removing a safety
feature.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
