Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-18 Thread Matt Palmer via dev-security-policy
On Sun, Aug 18, 2019 at 09:14:52AM +0200, Paul van Brouwershaven wrote: > On Sun, 18 Aug 2019, 07:18 Matt Palmer via dev-security-policy, < > dev-security-policy@lists.mozilla.org> wrote: > > On Thu, Aug 15, 2019 at 05:58:56PM +, Doug Beattie via > > dev-security-policy wrote: > > > Shouldn’t

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-18 Thread Peter Gutmann via dev-security-policy
Daniel Marschall via dev-security-policy writes: >I just looked at Opera and noticed that they don't have any UI difference at >all, which means I have to open the X.509 certificate to see if it is EV or >not. Does anyone know when Opera made the change? They had EV UI at one point, and then

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-18 Thread Matt Palmer via dev-security-policy
On Sun, Aug 18, 2019 at 01:35:55PM -0700, Daniel Marschall via dev-security-policy wrote: > Am Sonntag, 18. August 2019 07:18:56 UTC+2 schrieb Matt Palmer: > > [...] From what I can see so far, > > browser vendors aren't "ending" EV certificates, a couple of them are merely > > modifying their

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-18 Thread Daniel Marschall via dev-security-policy
Am Sonntag, 18. August 2019 07:18:56 UTC+2 schrieb Matt Palmer: > > [...] From what I can see so far, > browser vendors aren't "ending" EV certificates, a couple of them are merely > modifying their UIs guided by relevant research into the efficacy (or lack > thereof) of the current UI. > > -

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-18 Thread Ronald Crane via dev-security-policy
On 8/18/2019 12:39 AM, Leo Grove via dev-security-policy wrote: Deploying a Stripe Inc EV SSL from a state other than CA is one thing, but using an EV SSL in conjunction with a domain name and website with the true intent to dupe potential customers is another matter. I'm trying to get past

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-18 Thread Leo Grove via dev-security-policy
On Sunday, August 18, 2019 at 12:15:58 AM UTC-5, Matt Palmer wrote: > On Fri, Aug 16, 2019 at 10:03:53PM -0700, Leo Grove via dev-security-policy > wrote: > > However, as a user I support EV SSL. I personally have never come across > > a scam site that displayed an EV SSL (I'm not saying they

Re: Fwd: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-08-18 Thread Paul van Brouwershaven via dev-security-policy
On Sun, 18 Aug 2019, 07:18 Matt Palmer via dev-security-policy, < dev-security-policy@lists.mozilla.org> wrote: > On Thu, Aug 15, 2019 at 05:58:56PM +, Doug Beattie via > dev-security-policy wrote: > > Shouldn’t the large enterprises that see a value in identity (as > > does GlobalSign) drive