On Thursday, August 29, 2019 at 3:10:49 PM UTC-7, Ryan Sleevi wrote: > On Thu, Aug 29, 2019 at 5:18 PM Kirk Hall via dev-security-policy < > [email protected]> wrote: > > > > In this case, the use of EV certificates, and the presumption of > > > reputation, would lead to actively worse security. > > > > > > Did I misunderstand the scenario? > > > > Don't argue with me, argue with the browser phishing filters and > > anti-phishing services who do, in fact, use EV website information to > > protect users as I described. Presumably they know what they are doing. > > > Sorry that it sounded like I'm arguing. I'm just trying to understand the > premise, since it so obviously has security holes that would make EV > certificates more dangerous for any user who relied on such services. > > Could you point to the browsing phishing filters and anti-phishing services > that do? It might be an opportunity for you to find out how they deal with > this, and report back, so we don't have to presume anything.
Let's hear directly from the experts - can you get someone from Google Safe Browsing to post to this list, and then we can all ask him or her our questions and get the definitive answers. Thanks. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
