Dear Daniel!
> Please tell me if I understand this correctly...
> Is it that DV and EV certificates now both show the same lock symbol?
> That would be a great harm in my opinion. And I do not understand why you 
> want this change.
> I think EV is very important and I explain why.
> Let's look at following hypothetical case: We have, as 
> well as and . Notice the two
> number 1 (one) instead of a lower case L in the latter two domains. (lowecase 
> "L" and "one" look perfectly equal in Times New Roman. And
> lowercase "L" looks perfectly equal to uppercase "i" in Arial.)
> In old Firefox, I get a green bar if I visit and, 
> telling me that this is a well-known company that got the EV certificate.
> The other fake domains and only have DV certificates by 
> Let's Encrypt.
> In the newer Firefox, both domains, the real one and the fake one both get a 
> lock symbol. And I need to click the lock to see if it is DV or EV.
> Do I understand that correctly?

Any CA that strictly follow BRGs 4.2.1 should not issue a certificate for or Until recently this was also done by Let's Encrypt, 
but they stopped doing so in January 2019 -
 Maybe someone from the Let's Encrypt team can explain, how they are now 
fulfilling this requirement.

dev-security-policy mailing list

Reply via email to