Re: Flowchart covering SSL checks, error states, dialogs

2007-02-05 Thread Eddy Nigg (StartCom Ltd.)
Hi Dan, Dan Veditz wrote: It's certainly not going to be a green bar, but if we can come up with something decent isn't it worth being able to tell the difference between we know these identities were validated to a certain standard vs. these identities may or may not have been validated to

Re: Flowchart covering SSL checks, error states, dialogs

2007-02-05 Thread Gervase Markham
Eddy Nigg (StartCom Ltd.) wrote: My question to your suggestion is, if we can't come up with something, that would tell the user _any_ difference between _any_ certificate. Which means, to display the user the most important information in a convenient way, which could be perhaps the subject

Re: EV guidelines

2007-02-05 Thread Gervase Markham
Ben Bucksch wrote: OK. My thought is that we don't have many chances to push things like that and have users consider it. If we make them aware of it, it better be bulletproof, or we should not bother them with it, just treat it as little better SSL cert, no special treatment. You're

Re: EV guidelines

2007-02-05 Thread Gervase Markham
Eddy Nigg (StartCom Ltd.) wrote: Florian Weimer wrote: They don't, as far as I can tell. Evidence provided by a Qualified Independent Information Source (QIIS) is usually sufficient. Verisign seems to have copied this part of the guidelines verbatim. Guess what they wrote most of the

Re: EV guidelines

2007-02-05 Thread Gervase Markham
You aren't going to give up with the unfounded allegations of impropriety, are you? Eddy Nigg (StartCom Ltd.) wrote: OK! However the most important thing about this certificate is the fact, that it was issued: 1) More or less at the same day the EV guidelines were approved... Except that

Re: Flowchart covering SSL checks, error states, dialogs

2007-02-05 Thread Michael Lefevre
On 2007-02-05, Gervase Markham [EMAIL PROTECTED] wrote: [snip] Throw all the information at the user and let them make up their own mind is not going to be our UI strategy. So you may as well stop lobbying for it to be. :-| Seems to me that your own point extends to EV though. I can't see

Re: EV guidelines

2007-02-05 Thread Gervase Markham
Ben Bucksch wrote: Florian Weimer wrote: Host names like c1d3q2 are fine, but you shouldn't be allowed to use a well-known or registered trademark. If I read the Verisign CPS correctly, I would be able to obtain a EV certificate for citibank.enyo.de if I incorporated. Right, that's the

Re: EV guidelines

2007-02-05 Thread Eddy Nigg (StartCom Ltd.)
Hi Gerv, You are continually damaging your credibility in this discussion Thank you for taking care of my creditability! I can state with certainty that Verisign did not write most of the EV guidelines. Right, to all _my knowledge_ it was mostly drawn up by Kelvin Yiu of Microsoft. However

Re: EV guidelines

2007-02-05 Thread Florian Weimer
* Gervase Markham: We are currently looking into the feasibility of using the new effective TLD service to change the URL bar so it would read (where CAPS indicates emphasis: www.citibank.ENYO.DE www.CITIBANK.COM which makes the distinction between the two quite a bit more obvious. *grr*

Re: EV guidelines

2007-02-05 Thread Ben Bucksch
Gervase Markham wrote: Ben Bucksch wrote: OK. My thought is that we don't have many chances to push things like that and have users consider it. If we make them aware of it, it better be bulletproof, or we should not bother them with it, just treat it as little better SSL cert, no special