I'm not sure why it can't be evidence of both. Is it an offense by GoDaddy for which there should be repercussions from the root programs towards GoDaddy? No.
You're correct that it illustrates that EV has an enormous value gap in its current form. My own opinion is that I would rather see that fixed than no mechanism remain for tying websites to the physical world. I do not believe it is impossible to fix. On Wed, Apr 11, 2018 at 2:23 PM, Alex Gaynor <agay...@mozilla.com> wrote: > I disagree on what this is evidence of: > > It's evidence that the claimed benefits of EV (by CA, WRT phishing) do not > match the technical reality. As Ryan noted, as far as I'm aware this > certificate violates neither the BRs, nor the EVG. > > Alex > > On Wed, Apr 11, 2018 at 2:48 PM, Matthew Hardeman via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > >> Additionally, I think it's fair to say that I'm aghast that another CA >> (who by their inclusion in the Mozilla root program has agreed to stay >> abreast of developments on this list) has issued for the exact same entity >> and name that already led to significant controversy covered on this list >> less than a year ago. >> >> I believe that speaks to inattention to the list or failure to >> incorporate lessons learned from controversies on this list into issuance >> and/or validation practice. >> >> On Wednesday, April 11, 2018 at 1:19:03 PM UTC-5, Ryan Sleevi wrote: >> >> > Could you clarify what you're aghast at? >> _______________________________________________ >> dev-security-policy mailing list >> dev-security-policy@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-security-policy >> > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
