On Thu, Aug 29, 2019 at 8:54 PM Kirk Hall via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> What the heck does it mean when sometimes you say you are posting "in a > personal capacity" and sometimes you don't? It sounds like you were very prescient in your inability to remember things, as you mentioned at https://groups.google.com/d/msg/mozilla.dev.security.policy/cCeLZuxAOvQ/iM1cbmxjDgAJ Hope that helps explain how things work. I sometimes include it to help jog the memory of folk who tend to forget, so sorry that the extra reminder sounds like it might have confused you. > does GSB use any EV certificate identity data in its phishing algorithms. > My understanding is that the answer is yes, > That's a good question, but I'm not sure where your understanding came from! I was hoping you could share more, since that would definitely be the easiest way to confirm it. It sounds like you're not sure, and you don't have any evidence handy. If you can find out more information, can you report back? It seems like you have some contacts or some information that led you to your conclusion, I'm sure there is no one more effective or efficient at finding an answer than you. I've never heard of that, so of course, I wouldn't know where to start. On the other hand, if you're not sure, it might be clearer not to definitively state that's how things work, or presume they work? That might make it a bit clearer about what's real and what's imagined, in case you're just misremembering things. After all, if you don't know, and I don't know, and no one else here knows, maybe it's worth focusing on the things we do know instead of speculating? The information I have about use of EV identity data for anti-phishing > algorithms was all provided in private communications, so I would not be > able to name any names without permission. I have already emailed two > people about this, > Great! Then it sounds like we're on track to having you report back once you know more. I look forward to hearing how they've solved this, as it sounds like EV might have be valuable even when the UI isn't shown. That would be great validation that you don't need to show prominent UI to get user benefit. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
