Corey Bonnell via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>the effectiveness of the EV UI treatment is predicated on whether or not the >user can memorize which websites always use EV certificates *and* no longer >proceed with using the website if the EV treatment isn't shown. That's a huge >cognitive overhead for everyday web browsing In any case things like Perspectives and Certificate Patrol already do this for you, with no overhead for the user, and it's not dependent on whether the cert is EV or not. They're great add-ons for detecting sudden cert changes. Like EV certs though, they have no effect on phishing. They do very effectively detect MITM, but for most users it's phishing that's the real killer. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy