On Wed, Jul 23, 2014 at 7:50 AM, Gervase Markham <[email protected]> wrote:
> If it makes no difference to the security, why would the average user > want to know (how would they even understand the difference?), and why > would a web browser want to complicate its UI by showing them? Anyone making the UX of a UA that performs X.509 validation can certainly try to distinguish OV from DV programatically (potentially hard, as Hurst notes), but I am pretty sure they'll find that their users don't appreciate the distinction. In the case of browsers specifically, the same-origin policy is the law of the land, and complicating it further (to distinguish levels of subject validation) would not fly in any case — with users or with web developers. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
