Gervase Markham wrote:

> But (and I feel like a broken record)

Me too ;-)

> we should only display this information if there's some chance it'll be correct.

No, a decent browser should provide the information of the certificate in an easy way! Withholding valuable information isn't perhaps the job of a browser?

> And we're back into the "how good are current organisational vetting procedures?" question which EV is supposed to deal with.

But also back and again... EV is a business plan! It has nothing to do with the supposed verification procedures, because the procedures existed in similar forms already... any CA is free to pick these procedures as their own and start issuing certificates accordingly today! But it's truly the problem about how to market and sell them! It was obvious a while ago and it's more obvious now... This is the issue here... It's the incentive the browser vendors have to give to the customers of the issuing CAs.

Concerning the user, I think when we asked a few months ago about studies concerning the effectiveness of the "green address bar", none could be provided. Now there are some negative reports... But I'm sure you'll receive swiftly a few studies paid by some CA showing how EV helps the user... à la "Get the Windows Facts"...

In the meantime, let the various CAs do a really great job and make some real good verifications based on the EV guidelines - without the greenly incentive!


--
Regards

Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390
