Duane wrote: > you'd think the browsers with their cries of standards and > openness so they don’t get locked out by Microsoft wouldn't be so quick > to jump on this band wagon, but the complete opposite is true. > It's also striking to read the introduction of the guidelines:
"The CA/Browser Forum is a voluntary _*open*_ organization of certification authorities and vendors of Internet browser software and other applications." It's about as open as Microsoft's kernel... > > EV certs are being touted by Microsoft as preventing phishing, but as so > few phishing attacks utilise SSL at present this claim is laudable at best. With currently only 0.25 % of pishing sites using SSL certification (including self signed) as shown on this list earlier (source netcracft), this is certainly the wrong reason for EV certification...even the guidelines themselves, lists pishing only as secondary purpose... -- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security