Re: [FORGED] Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-10-09 Thread Paul Walsh via dev-security-policy
> On Oct 9, 2019, at 4:19 PM, Peter Gutmann wrote:
>
> Paul Walsh via dev-security-policy writes:
>
>> The data suggests that automatically issued DV certs for free is a favorite
>> for criminals.
>
> True, but that one's just an instance of Sutton's Law, they go for those
> because

Re: [FORGED] Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-10-04 Thread Ronald Crane via dev-security-policy
On 10/3/2019 8:44 PM, Matt Palmer via dev-security-policy wrote: On Thu, Oct 03, 2019 at 05:36:50PM -0700, Ronald Crane via dev-security-policy wrote: On 10/3/2019 2:09 PM, Ryan Sleevi via dev-security-policy wrote: [snip] I guess I wasn't specific enough. I am looking for a good study that

Re: Re: [FORGED] Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-10-03 Thread Matt Palmer via dev-security-policy
On Thu, Oct 03, 2019 at 05:36:50PM -0700, Ronald Crane via dev-security-policy wrote:
>
> On 10/3/2019 2:09 PM, Ryan Sleevi via dev-security-policy wrote:
> > [snip]
> > > I guess I wasn't specific enough. I am looking for a good study that
> > > supports the proposition that the Internet

Re: [FORGED] Re: [FORGED] Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-10-03 Thread Ronald Crane via dev-security-policy
On 10/3/2019 2:09 PM, Ryan Sleevi via dev-security-policy wrote: [snip] I guess I wasn't specific enough. I am looking for a good study that supports the proposition that the Internet community has (1) made a concerted effort to ensure that there is only one authentic domain per entity (or, at

Re: [FORGED] Re: [FORGED] Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-10-03 Thread Ryan Sleevi via dev-security-policy
On Thu, Oct 3, 2019 at 3:45 PM Ronald Crane via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> On 10/2/2019 9:44 PM, Peter Gutmann via dev-security-policy wrote:
> > Ronald Crane via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
> >
> >> Please cite

Re: [FORGED] Re: [FORGED] Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-10-03 Thread Ronald Crane via dev-security-policy
On 10/2/2019 9:44 PM, Peter Gutmann via dev-security-policy wrote: Ronald Crane via dev-security-policy writes: Please cite the best study you know about on this topic (BTW, I am *not* snidely implying that there isn't one). Sure, gimme a day or two since I'm away at the moment.

Re: [FORGED] Re: [FORGED] Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-10-02 Thread Peter Gutmann via dev-security-policy
Ronald Crane via dev-security-policy writes:
>Please cite the best study you know about on this topic (BTW, I am *not*
>snidely implying that there isn't one).
Sure, gimme a day or two since I'm away at the moment. Alternatively, there's been such a vast amount of work done on this that a

Re: [FORGED] Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-10-02 Thread Ronald Crane via dev-security-policy
On 10/2/2019 3:27 PM, Peter Gutmann wrote: Ronald Crane via dev-security-policy writes: "Virtually impossible"? "Anyone"? Really? Those are big claims that need real data. How many references to research papers would you like? Would a dozen do, or do you want two dozen? One well-done

Re: [FORGED] Re: Website owner survey data on identity, browser UIs, and the EV UI

2019-10-02 Thread Paul Walsh via dev-security-policy
> On Oct 2, 2019, at 3:27 PM, Peter Gutmann via dev-security-policy wrote:
>
> Ronald Crane via dev-security-policy writes:
>
>> "Virtually impossible"? "Anyone"? Really? Those are big claims that need real
>> data.
>
> How many references to research papers would you like? Would a