On Monday, December 18, 2017 at 4:54:24 PM UTC-5, Andrew wrote: > On Monday, December 18, 2017 at 3:09:31 PM UTC-6, Wayne Thayer wrote: > > Thank you Ryan for raising this question, and to everyone who has been > > contributing in a constructive manner to the discussion. A number of > > excellent points have been raised on the effectiveness of EV in general and > > on the practicality of solving the problems that exist with EV. > > > > While we have concerns about the value of EV as well as the potential for > > EV to actually harm users, Mozilla currently has no definite plans to > > remove the EV UI from Firefox. At the very least, we want to see > > Certificate Transparency required for all certificates before making any > > change that is likely to reduce the use of EV certificates. > > > > Is Google planning to remove the EV UI from desktop Chrome? If so, how does > > that relate to the plan to mark HTTP sites as ‘Not secure’ [1]? Does this > > imply the complete removal of HTTPS UI? > > > > While we agree that improvements to EV validation won’t remove many of the > > underlying issues that have been raised here, we hope that CAs will move > > quickly to make the EV Subject information displayed in the address bar > > more reliable and less confusing. > > > > - Wayne > > > > [1] > > https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html > > So, given that Mozilla has no immediate plans to remove the EV UI from > Firefox, perhaps the UI should be adjusted to include the state the Subject > is registered in on the EV badge. No reason for that text to be any more > misleading than necessary. (I assume this is something we can pretty much all > agree on, yes?)
I really doubt this would help anyone. As has been mentioned, the state of incorporation for larger companies is infrequently connected to the actual company's location, and the amount of users who would benefit from seeing the state seems quite minimal. And this would expand the EV indicator's screen space quite a bit, as there is no shorthand used for the state of incorporation. I do wonder how many users actually make the connection that the country code next to the company name is in fact a country code. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
