On Sunday, August 18, 2019 at 12:15:58 AM UTC-5, Matt Palmer wrote:
> On Fri, Aug 16, 2019 at 10:03:53PM -0700, Leo Grove via dev-security-policy 
> wrote:
> > However, as a user I support EV SSL.  I personally have never come across
> > a scam site that displayed an EV SSL (I'm not saying they don't exist). 
> > Has anyone else come across a "scam site" displaying EV that's not part of
> > an academic exercise?
> Counter-question: why does that matter?
> - Matt

It matters because someone on this discussion claimed to be able to buy an EV 
SSL on the black market and used it as a supporting argument against EV. I'd 
honestly like to know if anyone has seen one in "in the wild" so to speak.

My write-up was from the perspective of a user so I'd like to know if I've been 
putting too much faith in EV SSL since there may be scam sites employing these 
pirated certificates.

Deploying a Stripe Inc EV SSL from a state other than CA is one thing, but 
using an EV SSL in conjunction with a domain name and website with the true 
intent to dupe potential customers is another matter. I'm trying to get past 
the theoretical and get to real world instances.

dev-security-policy mailing list

Reply via email to