On Fri, Dec 15, 2017 at 4:50 PM, Tim Shirley <tshir...@trustwave.com> wrote:
> I don’t see how you can argue that the EV “seatbelt” breaks 100% of the
> time. I know my bank uses an EV cert. Any time I come across a site
> claiming to be my bank but lacking an EV cert, and my browser shows me that
> distinction, is a time when the seatbelt saves me, through that extra
> signal that alerts me that something isn’t right. If that goes away, there
> is unequivocally going to be a non-zero number of people who will be
> phished who would not have been phished with the UI present.

And if someone wanted to phish your bank, they can obtain a cert that appears as your bank. So that extra signal can be spoofed, thus even in your case, does not provide value.

> If the only choices are to remove the UI or not, then the question to
> resolve, I’d think, is: are more people being phished today because the UI
> is there, relative to the number who would be phished in a tomorrow where
> it is not? Only then would it make sense to remove it.

No, that's not the 'only' thing that would make sense to remove it. It also perpetuates the myopic and flawed view as a phishing mitigation, whose reliance is upon users checking it (again, user hostile), and misleading both users and site operators into EV as a phishing mitigation, when we do have more effective means that require less cognitive investment by users and offer more reliable signals for sites (cf. WebAuthn or Credentials API).

It intentionally ignores whether "Are people being harmed today because the UI is there" - both those who believe (such as yourself) that it incorrectly prevents phishing, as well as those who are confused by the complicated UI and the implications of the various states.

> Of course there are a lot of variables to unpack to figure that out, but
> it’s not the black and white decision you paint here; removing it WILL be
> hostile to some number of users.

Removing it will make some users sad. Those users are relying upon the UI to guarantee the things the UI does not guarantee. Removing it will feel like a guarantee has been removed. The guarantee never existed, so the guarantee is not being removed.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
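The contrast drawn above, an EV name that a look-alike site can reproduce versus the "more reliable signals" of WebAuthn, can be made concrete. What follows is an added example, not code from this thread, from Mozilla, or from any browser or WebAuthn implementation: a toy model of the checks a relying party runs on a WebAuthn assertion, showing why a credential registered for one origin is useless to a phishing page on another. The domains bank.example and bank-login.example are hypothetical, the browser's rpId rule is simplified (no public-suffix list), and an HMAC with a shared key stands in for the credential's key pair so the script runs on the standard library alone; the origin and rpIdHash checks, which carry the phishing resistance, are the real ones.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlsplit

# Hypothetical relying party (RP) and a look-alike phishing domain (assumptions, not from the thread).
RP_ID = "bank.example"
RP_ORIGIN = "https://bank.example"
PHISH_ORIGIN = "https://bank-login.example"

# Assumption: an HMAC key stands in for the credential's key pair so this runs on the
# standard library alone. Real WebAuthn signs with a per-credential private key and the
# RP verifies with the public key it stored at registration; the checks below are the same.
CRED_KEY = b"toy-credential-key-not-a-real-key"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def rp_id_for_origin(origin: str, requested_rp_id: str) -> str:
    """Browser-side rule (simplified, no public-suffix list): a page may only request
    an rpId equal to its origin's host or a domain suffix of that host."""
    host = urlsplit(origin).hostname or ""
    if host == requested_rp_id or host.endswith("." + requested_rp_id):
        return requested_rp_id
    raise ValueError(f"rpId {requested_rp_id!r} is not valid for origin {origin!r}")


def browser_get_assertion(origin: str, requested_rp_id: str, challenge: bytes) -> dict:
    """Model of navigator.credentials.get(): the browser, not the page, writes the origin
    into clientDataJSON, and the authenticator signs authenticatorData || SHA-256(clientDataJSON)."""
    rp_id = rp_id_for_origin(origin, requested_rp_id)
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin},
        separators=(",", ":"),
    ).encode()
    # authenticatorData = rpIdHash (32 bytes) || flags (1 byte: UP|UV = 0x05) || signCount (4 bytes)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + (1).to_bytes(4, "big")
    signed = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(CRED_KEY, signed, hashlib.sha256).digest()  # stand-in for the private-key signature
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": signature}


def rp_verify_assertion(assertion: dict, expected_challenge: bytes) -> bool:
    """Relying-party checks from the WebAuthn assertion verification procedure, simplified:
    type, challenge, origin, rpIdHash, user-presence flag, then the signature."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False
    if cd.get("challenge") != b64url(expected_challenge):
        return False
    if cd.get("origin") != RP_ORIGIN:  # the origin binding: a look-alike site fails here
        return False
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    if not auth_data[32] & 0x01:  # user-present bit
        return False
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CRED_KEY, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])


def phishing_demo() -> dict:
    """Three attempts by a phishing page at PHISH_ORIGIN to reuse a challenge issued by the real RP."""
    challenge = secrets.token_bytes(32)  # constructed: what the RP would send in its login response
    legit = browser_get_assertion(RP_ORIGIN, RP_ID, challenge)

    # 1. The phishing page asks the browser to scope the request to bank.example; the browser refuses.
    try:
        browser_get_assertion(PHISH_ORIGIN, RP_ID, challenge)
        cross_origin_rpid_allowed = True
    except ValueError:
        cross_origin_rpid_allowed = False

    # 2. It uses its own rpId and relays whatever the browser produces to the real RP.
    relayed = browser_get_assertion(PHISH_ORIGIN, "bank-login.example", challenge)

    # 3. It rewrites the origin and rpIdHash to look legitimate; the signature no longer covers the data.
    forged = dict(relayed)
    forged["clientDataJSON"] = relayed["clientDataJSON"].replace(b"bank-login.example", b"bank.example")
    forged["authenticatorData"] = hashlib.sha256(RP_ID.encode()).digest() + relayed["authenticatorData"][32:]

    return {
        "legit_accepted": rp_verify_assertion(legit, challenge),
        "cross_origin_rpid_allowed": cross_origin_rpid_allowed,
        "relayed_accepted": rp_verify_assertion(relayed, challenge),
        "forged_accepted": rp_verify_assertion(forged, challenge),
    }


if __name__ == "__main__":
    for name, outcome in phishing_demo().items():
        print(f"{name}: {outcome}")
```

The user never has to inspect anything: the browser fills in the origin, the authenticator scopes the signature to the rpId, and the relying party rejects the mismatch before the user could have been fooled. That is the difference between a signal the user must notice and a check the protocol enforces.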