On Friday, August 30, 2019 at 11:38:55 AM UTC-7, Peter Bowen wrote: > On Fri, Aug 30, 2019 at 10:22 AM Kirk Hall via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > I'll just reiterate my point and then drop the subject. EV certificate > > subject information is used by anti-phishing services and browser phishing > > filters, and it would be a loss to the security ecosystem if this EV data > > disappears (meaning that the decision on removal of the EV UI has greater > > repercussions than just whether or not users can tell in the primary UI if > > their website does or does not have any confirmed identity information). > > > > Kirk, > > I have to admit that the first time I ever heard of browser phishing > filters and Internet security products (such as Trend Micro, Norton, > Mcafee, etc) differentiating between DV and EV SSL certificates as part of > their algorithm is in this thread, from you. As someone who has a website, > I would really appreciate it if you could point to where this is > documented. This morning I looked at a couple of network security vendor > products I've used and couldn't find any indication they differentiate, but > if there are ones that do it would certainly influence my personal decision > on the kind of certificates to use and to recommend others to use. > > I'm not personally aware of anyone doing this. Are you aware of any > product literature that discusses this? > > Thanks, > Peter
I have some emails out asking permission to share information that was given to us in the past. If I receive permission, I will post something further. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy