On Thu, Aug 29, 2019, at 13:39, Kirk Hall via dev-security-policy wrote: > This string is about Mozilla’s announced plan to remove the EV UI from > Firefox in October. Over time, this will tend to eliminate confirmed > identity information about websites from the security ecosystem, as EV > website owners may decide it’s not worth using a n EV certificate if > browsers decide to hide the data from users. As noted in my last > message, this will be a tragedy for users, as browser phishing filters > and other anti-phishing services currently rely on website EV data in > their algorithms for protecting users.
Can you provide more detail (preferably with citations) about how browser phishing filters, and specifically Google Safe Browsing (used by Firefox), rely on EV data? It's not clear to me how this could possibly be useful in detecting phishing given the data that you've previously published showing that an extremely small number sites with EV certificates were detected as phishing. Jonathan  https://casecurity.org/wp-content/uploads/2018/06/Summary-Report-Incidence-of-Phishing-04-16-2018.pdf _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy