Duane wrote: > Alaric Dailey wrote: > > >> Remember there are least 2 Free CAs listening and contributing on this >> list, that means monetary barriers (assuming a steep price from >> Verisign) won't be an issue for phishers. >> > > Since phishing exists happily with no SSL, why would they start using > SSL all of a sudden now that EV's are being discussed? > > This will do very little for security for anyone as it fails to address > the real problems and tries to attack a niche situation that isn't under > attack... > > I'm a little confused here, can someone please explain to me how this is > supposed to help the vast majority of users? > > I think you misunderstand....
I don't think EV certs are meaningful AT ALL. So far I have seen nothing from the Spec that makes me think that anyone would bother with them... short of IE refusing to use current certificates, or possibly some dramatic improvement that I have yet to see. <http://cert.startcom.org/?app=109> _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security