This absolutely appears to be valid issuance.

And if it's valid issuance, that raises questions about the value of EV, if
we accept that the definition of EV is static and unchangeable.

What I propose is that the community of CAs either recognize that it's
worthless and give up on it - or - recognize that it's worthless as-is and
rapidly make significant changes in order to make it valuable to users and
attempt to save it.

It was injudicious of a CA to issue another certificate in this name for
this entity after the already well documented controversy.  Did they just
not care that it would invite trouble or did they not know that it would
invite controversy and trouble because they didn't track it the first time

On Wed, Apr 11, 2018 at 2:23 PM, Jonathan Rudenberg <>

> I strongly disagree. Everything is operating correctly. Corporate entity
> names are not unique, which is why EV is not useful. There were no lessons
> to be learned from the previous thread other than the fact that EV does not
> provide any useful guarantees to Mozilla's users.
> Jonathan
dev-security-policy mailing list

Reply via email to