On Thu, Apr 12, 2018 at 12:54 PM, Matthew Hardeman <mharde...@gmail.com> wrote: > > Because the common Internet user who has any awareness of the name Stripe > will expect that reference to be to the particular Stripe that processes > payments and that they've likely interacted with before. >
This is a patently distateful argument based on broad generalizations that do not hold any merit. I realize you've acknowledged your argument is fundamentally a popularity contest, but it seems to really base its core on "Whoever Matthew Hardeman doesn't think should have a certificate" - because there's zero data to support your claim that "will expect", or a definition of what constitutes a "common Internet user" (especially in a global context). I realize it sounds compelling, but you're making up strawmen to support that argument, and the core is an opposition to some people being able to get (EV) certificates as a result. > In the DNS space, this is an extremely complex, nuanced issue, with the >> whole Uniform Domain-Name Dispute Resolution Policy established, in part, >> to try to put parties on semi-equitable footing. The current approach being >> taken by CAs lacks that, lacks the transparency, and lacks the neutrality - >> all things one would expect from such policies. >> > > There's no reason to make it that complex. EV is an enhancement, not a > requirement. The displayed name should be the issued to that party which > the largest majority of users recognize that name as being affiliated with. > So the rules are made up and the certificates are meaningless, then, since it's all a popularity contest with shifting requirements based on made up ideas. It's certificate Calvinball, and it's a rather silly game to play because of it. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
