Wayne, Thanks for updating us on Mozilla's thinking on this issue. On behalf of the CA/Browser forum Validation Working Group, I would like to thank everyone for their time and contributions. We will be going over everyone's points and take them all into consideration as we look into what potential ways EV validation can be improved.
-Tim > -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > bounces+tim.hollebeek=digicert....@lists.mozilla.org] On Behalf Of Wayne > Thayer via dev-security-policy > Sent: Monday, December 18, 2017 2:09 PM > To: Ryan Sleevi <r...@sleevi.com> > Cc: mozilla-dev-security-policy <mozilla-dev-security- > pol...@lists.mozilla.org> > Subject: Re: On the value of EV > > Thank you Ryan for raising this question, and to everyone who has been > contributing in a constructive manner to the discussion. A number of excellent > points have been raised on the effectiveness of EV in general and on the > practicality of solving the problems that exist with EV. > > While we have concerns about the value of EV as well as the potential for EV > to actually harm users, Mozilla currently has no definite plans to remove the > EV UI from Firefox. At the very least, we want to see Certificate Transparency > required for all certificates before making any change that is likely to > reduce > the use of EV certificates. > > Is Google planning to remove the EV UI from desktop Chrome? If so, how does > that relate to the plan to mark HTTP sites as ‘Not secure’ [1]? Does this > imply > the complete removal of HTTPS UI? > > While we agree that improvements to EV validation won’t remove many of > the underlying issues that have been raised here, we hope that CAs will move > quickly to make the EV Subject information displayed in the address bar more > reliable and less confusing. > > - Wayne > > [1] > https://security.googleblog.com/2016/09/moving-towards-more-secure- > web.html > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
