Both mine and Ian's demonstrations never harmed or deceived anyone as they were proof of concept. The EV certs were properly validated to the EV guidelines. Both companies are legitimate. So what's the issue? None.
On Thu, Apr 12, 2018 at 8:05 PM, Eric Mill via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Thu, Apr 12, 2018 at 2:57 PM, Eric Mill <e...@konklone.com> wrote: > > > > > > Of course, that would break his proof-of-concept exploit. Which is the > >> right outcome. It demonstrates that an EV certificate used in a manner > >> which might cause confusion will be revoked. They're not stopping him > from > >> publishing. He can still do that, without the benefit of an EV > certificate. > >> > > > > The stripe.ian.sh site itself is not likely to cause confusion, and was > > not an exploit. Here's what stripe.ian.sh looks like right now: > > > > (Inline images don't appear to play too well with m.d.s.p, so I've attached > the image to this email.) > > -- > konklone.com | @konklone <https://twitter.com/konklone> > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy