On Mon, Mar 27, 2017 at 10:16:52PM +0200, Kurt Roeckx via dev-security-policy wrote: > On Mon, Mar 27, 2017 at 09:02:48PM +0100, Gervase Markham via > dev-security-policy wrote: > > On 27/03/17 16:08, Martin Heaps wrote: > > > The next level is now that any business or high valued entity should > > > over the course of the next few years implement EV certificates (many > > > already have) and that browsers should make EV certificates MORE > > > noticable on websites.. > > > > ....or we should decide that the phishing problem is not best solved at > > the level of certificates, but instead at a higher level (e.g. Safe > > Browsing and similar mechanisms). > > I've been wondering if CT is a good tool for things like safe > browsing to monitor possible phishing sites and possibly detect > them faster.
I'm about 100% sure that having a pre-populated list of sites that are likely to be used for URL-confusion phishing would be a valuable thing for systems like safe browsing to implement. - Matt _______________________________________________ dev-security-policy mailing list email@example.com https://lists.mozilla.org/listinfo/dev-security-policy