On Thu, Apr 12, 2018 at 2:57 PM, Eric Mill <e...@konklone.com> wrote:
> Of course, that would break his proof-of-concept exploit.  Which is the
>> right outcome.  It demonstrates that an EV certificate used in a manner
>> which might cause confusion will be revoked.  They're not stopping him from
>> publishing.  He can still do that, without the benefit of an EV certificate.
> The stripe.ian.sh site itself is not likely to cause confusion, and was
> not an exploit. Here's what stripe.ian.sh looks like right now:

(Inline images don't appear to play too well with m.d.s.p, so I've attached
the image to this email.)

konklone.com | @konklone <https://twitter.com/konklone>
dev-security-policy mailing list

Reply via email to