Leo Grove via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>Are you referring to EV Code Signing certificates? I agree that needs to be >addressed in another forum, but this discussion in on EV SSL/TLS and their >value (or lack thereof) in the browser UI. Browsers do not support EV Code >Signing in the UI as far as I know. > >It's been documented that EV Code Signing certificates are on the black >market. Did you see the same thing for EV SSL/TLS? Yes, you can buy both, I used the code-signing EV one because I happened to have a screenshot handy from a writeup I'm working on. In addition, EV code- signing certs are much higher value, particularly when they come with SmartScreen ratings, because they give you instant malware execution on a billion plus systems, while EV web site certs are kinda meh. So EV code signing is the holy grail, the hardest to get, and yet they're readily available on the black market. EV web site certs are an afterthought in comparison, "we also have those if you want 'em". Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
