Daniel Marschall via dev-security-policy <[email protected]> writes:
>I share the opinion with Jakob, except with the CVE. Please remove this >change. It is unnecessary and kills the EV market. And that was my motivation for the previous question: We know from a decade of data that EV certs haven't made any difference to security. The only thing they've affected is CA's bottom line, since they can now go back to charging 1990s prices for EV certs rather than $9.95 for non-EV certs. Removing the UI bling for the more expensive certs makes sense from a security point of view, but not from a business point of view: "it kills the [very lucrative] EV market". It'd be interesting to hear what CAs think of this. Will the next step be EEV certs and a restart of the whole cycle, as was predicted when EV certs first came out? Peter. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
