On Oct 18, 2019, at 6:31 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>
> Paul Walsh via dev-security-policy <dev-security-policy@lists.mozilla.org>
> writes:
>
>> I have no evidence to prove what I’m about to say, but I *suspect* that the
>> people at BSI specified “EV” over the use of other terms because of the
>> consumer-visible UI associated with EV (I might be wrong).
>
> Except that, just like your claims about Mozilla, they never did that, they
> just give a checklist of cert types, DV, OV, and EV. If there was a Mother-
> validated cert type, the list would no doubt have included MV as well.
>
> In fact if you're going to go to sheep's-entrails levels of interpretation,
> they place EV last on their list, and it's phrased more as an afterthought
> than the first two ("must support DV, OV, and also EV").
>
> You're really grasping at straws here...
[PW] Rather than comment on me, perhaps you could indulge us with your
interpretation. At least I’m open to being wrong. Are you?
Since it does the same thing as DV in regards to encryption, why do you think
they specified EV?
- Paul
>
> Peter.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
