Daniel Marschall via dev-security-policy 
<dev-security-policy@lists.mozilla.org> writes:

>I share the opinion with Jakob, except with the CVE. Please remove this
>change. It is unnecessary and kills the EV market.

And that was my motivation for the previous question: We know from a decade of
data that EV certs haven't made any difference to security.  The only thing
they've affected is CA's bottom line, since they can now go back to charging
1990s prices for EV certs rather than $9.95 for non-EV certs.  Removing the UI
bling for the more expensive certs makes sense from a security point of view,
but not from a business point of view: "it kills the [very lucrative] EV

It'd be interesting to hear what CAs think of this.  Will the next step be EEV
certs and a restart of the whole cycle, as was predicted when EV certs first
came out?

dev-security-policy mailing list

Reply via email to