Kirk, I know you are really passionate about extended validation and it does come across in your correspondences on this forum and the CAB Forum but sometimes our passion or frustration leads us to divulge private information which shouldn't have been released into the public domain. Before you post any other correspondences to this forum or any other forum, give it a check over or leave it until you are in a better frame of mind. You don't want to accidentally break the NDA agreements you have signed over the course of your work.
Thank you, Burton On Fri, Aug 30, 2019 at 8:45 PM Kirk Hall via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > On Friday, August 30, 2019 at 11:38:55 AM UTC-7, Peter Bowen wrote: > > On Fri, Aug 30, 2019 at 10:22 AM Kirk Hall via dev-security-policy < > > dev-security-policy@lists.mozilla.org> wrote: > > > > > I'll just reiterate my point and then drop the subject. EV certificate > > > subject information is used by anti-phishing services and browser phishing > > > filters, and it would be a loss to the security ecosystem if this EV data > > > disappears (meaning that the decision on removal of the EV UI has greater > > > repercussions than just whether or not users can tell in the primary UI if > > > their website does or does not have any confirmed identity information). > > > > > > > Kirk, > > > > I have to admit that the first time I ever heard of browser phishing > > filters and Internet security products (such as Trend Micro, Norton, > > Mcafee, etc) differentiating between DV and EV SSL certificates as part of > > their algorithm is in this thread, from you. As someone who has a website, > > I would really appreciate it if you could point to where this is > > documented. This morning I looked at a couple of network security vendor > > products I've used and couldn't find any indication they differentiate, but > > if there are ones that do it would certainly influence my personal decision > > on the kind of certificates to use and to recommend others to use. > > > > I'm not personally aware of anyone doing this. Are you aware of any > > product literature that discusses this? > > > > Thanks, > > Peter > > I have some emails out asking permission to share information that was given > to us in the past. If I receive permission, I will post something further. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
