On Thu, Apr 12, 2018 at 2:57 PM, Eric Mill <e...@konklone.com> wrote: > > > Of course, that would break his proof-of-concept exploit. Which is the >> right outcome. It demonstrates that an EV certificate used in a manner >> which might cause confusion will be revoked. They're not stopping him from >> publishing. He can still do that, without the benefit of an EV certificate. >> > > The stripe.ian.sh site itself is not likely to cause confusion, and was > not an exploit. Here's what stripe.ian.sh looks like right now: >
(Inline images don't appear to play too well with m.d.s.p, so I've attached the image to this email.) -- konklone.com | @konklone <https://twitter.com/konklone> _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy