Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>Problem example: >[...] You're explaining how it's supposed to work in theory, not in the real world. We have a decade of real-world data showing that it doesn't work, that there's no benefit from EV certificates apart from the one to CA's balance sheets. So the browser vendors are doing the logical thing, responding to the real-world data and no longer pretending that EV certs add any security value, both in terms of protecting users and of keeping out the bad guys - see the attached screen clip, in this case for EV code-signing certs for malware, but you can buy web site EV certs just as readily. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
