I disagree on what this is evidence of: It's evidence that the claimed benefits of EV (by CA, WRT phishing) do not match the technical reality. As Ryan noted, as far as I'm aware this certificate violates neither the BRs, nor the EVG.
Alex On Wed, Apr 11, 2018 at 2:48 PM, Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Additionally, I think it's fair to say that I'm aghast that another CA > (who by their inclusion in the Mozilla root program has agreed to stay > abreast of developments on this list) has issued for the exact same entity > and name that already led to significant controversy covered on this list > less than a year ago. > > I believe that speaks to inattention to the list or failure to incorporate > lessons learned from controversies on this list into issuance and/or > validation practice. > > On Wednesday, April 11, 2018 at 1:19:03 PM UTC-5, Ryan Sleevi wrote: > > > Could you clarify what you're aghast at? > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy