@jdstrand: I may have not explained this ideally. Yes, EV certs will protect us if your router is trying to lie to you about where paypal.com is, but they don't help at all if my app shows something which looks like the trust-store dialog but actually isn't. Users will then type their Ubuntu One password into it, which we don't want them to do, but there's no way of telling whether something that looks like a secure OS- presented dialog actually *is* that secure OS-presented dialog.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1489643 Title: [pay UI] Paypal login cannot be assured to be from paypal To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1489643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs