On Thu, Apr 12, 2018 at 11:40 AM, Eric Mill <e...@konklone.com> wrote:
> That's not accurate -- the EV information presented to users was not
> misleading. It correctly described Ian's registered company. The
> certificate was incorrectly revoked. We should probably be discussing
> whether punitive measures are appropriate for this revocation.
>
> -- Eric

That turns on your definition of "misleading", however.

It's entirely possible to be 100% accurate with factual statements and yet present them in a light that is absolutely "misleading".

Did the certificate present incorrect factual data? No.

Does a user on the Internet who believes he is dealing with "Stripe" expect that he's dealing with that particular Stripe which processes payments? Yes, in general.

If you're an internet user and the name Stripe is presented, one of two reactions will arise:

1. You're not aware of any Stripe at all.

- or -

2. You've used Stripe on one of a great many websites to pay. If you remember the name at all, you remember and expect Stripe to be that particular Stripe.

It's misleading to present the name "Stripe" to an Internet user if you don't mean that particular Stripe.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy