On Sun, Aug 18, 2019 at 01:35:55PM -0700, Daniel Marschall via dev-security-policy wrote:
> On Sunday, 18 August 2019 07:18:56 UTC+2, Matt Palmer wrote:
> > [...] From what I can see so far,
> > browser vendors aren't "ending" EV certificates, a couple of them are merely
> > modifying their UIs guided by relevant research into the efficacy (or lack
> > thereof) of the current UI.
>
> Matt, I don't understand this. Isn't removing the UI bling the same as
> "removing" EV from the browser?

Yes, but removing EV from the browser isn't the same as ending EV certificates, which is what was claimed in the message I responded to.

> I guess that EV will eventually be ended by the Customers/CAs.

We'll have to leave it to the invisible hand of the market to sort that out. If CAs cease issuing EV TLS/SSL certificates, it will presumably be because customers are no longer buying them, and customers will cease buying them if there is no perceived value in them, which is what CAs have repeatedly said isn't the case. So CAs ceasing to issue EV TLS/SSL certificates will be a confirmation that, in fact, EV TLS/SSL certificates had no value beyond the UI "bling", as you call it, which the research overwhelmingly indicates is of trivial value.

> I just looked at Opera and noticed that they don't have any UI difference
> at all, which means I have to open the X.509 certificate to see if it is
> EV or not.

So that's one more browser vendor that sees no value in "UI bling" for EV certificates. It almost makes Firefox and Chrome look like the laggards in this decision, rather than the harbingers of a new era.

- Matt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy