On Mon, 11 Dec 2017, Ryan Hurst via dev-security-policy wrote:
The issues with EV are much larger than UI. It needs to be revisited and a honest and achievable set of goals need to be established and the processes and procedures used pre-issuance and post-issuance need to be defined in support those goals. Until thats been done I can not imagine any browser would invest in new UI and education of users for this capability.
While I agree that EV does not solve world peace, can you tell me what is wrong with the firefox approach of showing EV? That is, browsers hiding the real hostname with EV seems to behave wrong, and should be fixed. This seems unrelated to other noble goals of giving users improved security. It seems you are conflating many things, then say it is too much work and lets just scrap it. Thus, so far I see reason for some browsers to fix their UI. I can see reasons for EV to improve. I see no reason to further confuse users by removing EV without a successor. Paul _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
