This absolutely appears to be valid issuance. And if it's valid issuance, that raises questions about the value of EV, if we accept that the definition of EV is static and unchangeable.
What I propose is that the community of CAs either recognize that it's worthless and give up on it - or - recognize that it's worthless as-is and rapidly make significant changes in order to make it valuable to users and attempt to save it. It was injudicious of a CA to issue another certificate in this name for this entity after the already well documented controversy. Did they just not care that it would invite trouble or did they not know that it would invite controversy and trouble because they didn't track it the first time around? On Wed, Apr 11, 2018 at 2:23 PM, Jonathan Rudenberg <jonat...@titanous.com> wrote: > > > I strongly disagree. Everything is operating correctly. Corporate entity > names are not unique, which is why EV is not useful. There were no lessons > to be learned from the previous thread other than the fact that EV does not > provide any useful guarantees to Mozilla's users. > > Jonathan > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
