On 8/29/19, Nick Lamb via dev-security-policy
<[email protected]> wrote:
> On Wed, 28 Aug 2019 11:51:37 -0700 (PDT)
> Josef Schneider via dev-security-policy
> <[email protected]> wrote:
>
>> Not legally probably and this also depends on the jurisdiction. Since
>> an EV cert shows the jurisdiction, a user can draw conclusions from
>> that.
>
> Yes it is true that crimes are illegal. This has not previously stopped
> criminals, and I think your certainty that it will now is misplaced.
>
> What conclusions would you draw from the fact that the jurisdiction is
> the United Kingdom of Great Britain and Northern Ireland?

That it isn't my financial institution.  Hopefully I'd have the
presence of mind to save the fraud site cert, but I'd either find the
business card of the person I've been dealing with there or find an
old statement, call and ask to be transferred to the fraud dept.

Same deal if the displayed info ends with (US) but doesn't match what
I'm expecting, except I'd be asking the fraud dept about the name
change instead of telling them.

I understand that EV certs aren't a panacea, but for the very few web
sites that I really care about I like having the company name
displayed automatically.  I think they're helpful and, since I use
bookmarks instead of email links or search results, provide an
adequate assurance that I've actually ended up on the web site I want.
Is that an incorrect assumption?  What more should I be doing?

Thanks,
Lee
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
