The question that I have is whether the community might consider it in-scope to discuss enhancements (even fixes) to EV to arrive at assurance commensurate to its handling.
Matt Hardeman On Mon, Dec 11, 2017 at 2:09 PM, Ryan Sleevi via dev-security-policy < [email protected]> wrote: > On Mon, Dec 11, 2017 at 2:50 PM, Tim Hollebeek <[email protected] > > > wrote: > > > > > > > Certainly, as you noted, one option is to improve EV beyond simply being > > an assertion of legal existence. > > > > Does this mean we're in agreement that EV doesn't provide value to justify > the UI then? ;-) > > I say it loaded and facetiously, but I think we'd need to be honest and > open that if we're saying something needs to be 'more' than EV, in order to > be useful and meaningful to users - which is what justifies the UI surface, > versus being useful to others, as Matt highlighted - then either EV meets > the bar of UI utility or it doesn't. And if it doesn't, then orthogonal to > and separate from efforts to add "Validation ++" (whether they be QWACS in > eIDAS terms or something else), then there's no value in the UI surface > today, and whether there's any value in UI surface in that Validation++ > should be evaluated on the merits of Validation++'s proposals, and not by > invoking EV or grandfathering it in. > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
