On Wed, Aug 14, 2019 at 11:52:46PM -0700, Daniel Marschall via 
dev-security-policy wrote:
> In old Firefox, I get a green bar if I visit google.com and paypal.com, 
> telling me that this is a well-known company that got the EV certificate.
> The other fake domains goog1e.com and paypa1.com only have DV certificates by 
> Let's Encrypt.

The green bar does not indicate that it's a well-known company. It
means someone payed for an EV certificate. The green bar does not
in any way say it's more secure or indicate that you're talking to
some trustworthy company. It only gives you a false sense of
security.


Kurt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to