Boris Zbarsky wrote:
No, he means "once all the reputable businesses have EV certs, it'll be to the CA's financial advantage to introduce a new 'even more trustworthy' type of cert (call it EEV), so they can sell all those businesses EEV certs too".
The CAs can't provide a business case for that unless the browsers agree to have yet another UI differentiator for these new EEV certs. And that's pretty unlikely, given that we want to reduce UI complexity and make security decisions easier. We'd have no motive to support EEV, even if they went off and invented it.
Gerv _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
