On 27/10/14 17:58, John Nagle wrote: > In July 2012, the CA/Browser Forum Baseline Guidelines for > all certs, not just EV, took effect. Once those came out, > CAs started making a clear distinction between DV, OV, and EV > certs. Previously, DV vs OV had only been an informal distinction. > Two years later, many issued certs (soon I'll know how many) > bear OIDs which clearly identify them as OV certs, with the CA > standing behind the Organization and Location information. > > It's appropriate for browsers to show that new information with > users. In the browser, there are two issues: 1) detecting OV > certs, which requires a list of per-CA OIDs, and 2) displaying > something in the GUI.
You forgot 0) Having sufficient trust in the validation of that information to want to present it to users. That is what we do not have for organizational information with anything short of EV. I don't intend to take part further in this thread, because this conversation has happened many, many times. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
