On Mon, Mar 27, 2017 at 10:16:52PM +0200, Kurt Roeckx via dev-security-policy 
> On Mon, Mar 27, 2017 at 09:02:48PM +0100, Gervase Markham via 
> dev-security-policy wrote:
> > On 27/03/17 16:08, Martin Heaps wrote:
> > > The next level is now that any business or high valued entity should
> > > over the course of the next few years implement EV certificates (many
> > > already have) and that browsers should make EV certificates MORE
> > > noticable on websites..
> > 
> > ....or we should decide that the phishing problem is not best solved at
> > the level of certificates, but instead at a higher level (e.g. Safe
> > Browsing and similar mechanisms).
> I've been wondering if CT is a good tool for things like safe
> browsing to monitor possible phishing sites and possibly detect
> them faster.

I'm about 100% sure that having a pre-populated list of sites that are
likely to be used for URL-confusion phishing would be a valuable thing for
systems like safe browsing to implement.

- Matt

dev-security-policy mailing list

Reply via email to