It makes a difference because you can tell whether the CA is operating effective polices in accordance with the BRs. Too many DV certs hold themselves out as OV certs without actually providing the verification under the BRs. Requiring the BR OIDs is an assertion by the CA of compliance that is independent of any display in the UI.
Jeremy -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org] On Behalf Of Gervase Markham Sent: Wednesday, July 23, 2014 8:51 AM To: [email protected]; [email protected] Subject: Re: Proposal: Advocate to get Section 9.3.1 (Reserved Certificate Policy Identifiers) made mandatory. On 23/07/14 14:18, [email protected] wrote: > Clearly EV is very much the gold standard, but I there is a relevant > general difference between EV and DV even if not a security one. It > would be nice if Firefox could state that the certificate was DV or EV > in a neutral way without making / implying any security difference. If it makes no difference to the security, why would the average user want to know (how would they even understand the difference?), and why would a web browser want to complicate its UI by showing them? Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
