On Sunday, August 18, 2019 at 12:15:58 AM UTC-5, Matt Palmer wrote: > On Fri, Aug 16, 2019 at 10:03:53PM -0700, Leo Grove via dev-security-policy > wrote: > > However, as a user I support EV SSL. I personally have never come across > > a scam site that displayed an EV SSL (I'm not saying they don't exist). > > Has anyone else come across a "scam site" displaying EV that's not part of > > an academic exercise? > > Counter-question: why does that matter? > > - Matt
It matters because someone on this discussion claimed to be able to buy an EV SSL on the black market and used it as a supporting argument against EV. I'd honestly like to know if anyone has seen one in "in the wild" so to speak. My write-up was from the perspective of a user so I'd like to know if I've been putting too much faith in EV SSL since there may be scam sites employing these pirated certificates. Deploying a Stripe Inc EV SSL from a state other than CA is one thing, but using an EV SSL in conjunction with a domain name and website with the true intent to dupe potential customers is another matter. I'm trying to get past the theoretical and get to real world instances. Leo _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy