Doug Beattie <doug.beat...@globalsign.com> writes: >So far I see is a number of contrived test cases picking apart small >components of EV, and no real data to back it up.
See the phishing stats from any source you care to use. I've already mentioned the APWG which I consider the premier source, and also linked to the SSL Store blog which happened to be the first Google hit, but feel free to take any source of stats you trust, and see if you can find any that show that phishing decreased and/or security increased due to EV certs. I could also reverse this and say: You claim that EV certs are useful. Produce some stats showing this. We could agree on using the APWG as our source, since they're a pretty authoritative. In either case, we've got a good, decade-long, reliable, heavily-analysed data source, it's up to the two sides to use it to support their case. I've already made mine. >Yes, I work for a CA that issues EV certificates, but if there was no value >in them, then our customers would certainly not be paying extra for them. Must remember that one for the quotes file :-). In case you're wondering why I find it amusing, consider this variant: Yes, I work for Monster Cable, but if there was no value in our cables then our customers would certainly not be paying extra for them. Peter. _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy