Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> 

>Problem example:

You're explaining how it's supposed to work in theory, not in the real world.

We have a decade of real-world data showing that it doesn't work, that there's
no benefit from EV certificates apart from the one to CA's balance sheets.  So
the browser vendors are doing the logical thing, responding to the real-world
data and no longer pretending that EV certs add any security value, both in
terms of protecting users and of keeping out the bad guys - see the attached
screen clip, in this case for EV code-signing certs for malware, but you can
buy web site EV certs just as readily.

dev-security-policy mailing list

Reply via email to