On Fri, 23 Aug 2019 15:53:21 -0700 (PDT), Daniel Marschall wrote: > Can you proove that your assumption "very few phishing sites use EV (only) > because DV is sufficient" is correct? I do think the truth is "very few > phishing sites use EV, because EV is hard to get".
Before browsers started showing dire warnings on non-secure pages, basically no phishing site bothered with SSL at all, since their target audience simply didn't notice anything wrong. -- begin .sig < Jernej Simončič ><>◊<>< jernej|s-ng at eternallybored.org > end _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy