- If the fundamental certificate does deserve the UI treatment, then > demonstrate why it does. You seem to be in agreement that the present form > of legal identity is insufficient for the presumed use case, so I'm hoping > you can close the gap in my understanding on why something is > simultaneously insufficient yet suitable. > > One argument, for example, is that the mechanism provides significant value to the advanced user who is skilled in business structure / business entity exploration. I did not say it was a strong or broad argument, but there is a reasonably unambiguous value to a non-zero population.
I think it will be a difficult sell to remove EV certificate UI handling, as nothing is proposed to replace it. It seems fairly simple to redefine the EV qualifications and validation standards to achieve strong value, though admittedly it would do so at the cost of some inclusiveness. That seems far more likely to achieve short term results than removing the UI handling, having CAs lobby to re-add the UI for a whole new program, etc. An objective study of the advisability of the removal of EV handling would incorporate an analysis of the risks EV -- as it sits today -- is successfully mitigating as well as the risks it enhances or presents. That Kentucky registration for Stripe, Inc. -- Is it completely fraudulent as to registered agent, business address, etc? If it's not, then the certificate and underlying entity serve as an archived investigative entry point for law enforcement or potential civil action. Even if it is, someone filed the paperwork. Court houses have clerks, guards, video cameras, etc... It still may present a real physical point from which to bootstrap an investigation. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
