On 17/08/2019 03:15, Peter Gutmann wrote:
> Corey Bonnell via dev-security-policy <dev-security-policy@lists.mozilla.org>
> writes:
>
>> the effectiveness of the EV UI treatment is predicated on whether or not the
>> user can memorize which websites always use EV certificates *and* no longer
>> proceed with using the website if the EV treatment isn't shown. That's a huge
>> cognitive overhead for everyday web browsing
>
> In any case things like Perspectives and Certificate Patrol already do this
> for you, with no overhead for the user, and it's not dependent on whether the
> cert is EV or not. They're great add-ons for detecting sudden cert changes.
> Like EV certs though, they have no effect on phishing. They do very
> effectively detect MITM, but for most users it's phishing that's the real
> killer.

Your legendary dislike for all things X.509 is showing. You are
constantly arguing that because they are not perfect, they are useless,
while ignoring any and all improvements since your original write-ups.
You really should look at the long term agendas at work here and
reconsider what you may be inadvertently supporting.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy