On Oct 14, 2019, at 12:07 PM, Ronald Crane via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > The finding is from public information that is relevant to the current value > of EV certificates, which is a central part of this discussion.
[PW] For the record, we didn't purchase an EV cert because the browser UI and UX was (and still is in Firefox) so terrible that almost no end-user could tell when a website owner had their identity verified or not. It doesn’t take a product person or designer or a user experience expert to see this. Had the browsers implemented good UI/UX you would see an EV cert for our corporate website. If Mozilla implements meaningful UI/UX in the future, I’ll immediately switch to whatever it is that Firefox uses to read identity information. If that’s EV, great. If it’s something else, great. As long as the price is right. - Paul > > -R > > On 10/14/2019 11:10 AM, Paul Walsh via dev-security-policy wrote: >> I have two questions Ronald: >> >> 1. What should I look for? I just see a DV cert from Let’s Encrypt. >> >> 2. Why did you message the entire community about whatever it is you’ve >> found? >> >> Thanks, >> Paul >> >> Sent from my iPhone >> >>> On Oct 12, 2019, at 11:04 AM, Ronald Crane via dev-security-policy >>> <dev-security-policy@lists.mozilla.org> wrote: >>> >>> Just FYI, metacert.com served up this cert recently: >>> https://crt.sh/?id=1884181370 . >>> >>> -R >>> >>> _______________________________________________ >>> dev-security-policy mailing list >>> dev-security-policy@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-security-policy >> _______________________________________________ >> dev-security-policy mailing list >> dev-security-policy@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
