On Thursday, August 29, 2019 at 3:10:49 PM UTC-7, Ryan Sleevi wrote:
> On Thu, Aug 29, 2019 at 5:18 PM Kirk Hall via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> 
> > > In this case, the use of EV certificates, and the presumption of
> > > reputation, would lead to actively worse security.
> > >
> > > Did I misunderstand the scenario?
> >
> > Don't argue with me, argue with the browser phishing filters and
> > anti-phishing services who do, in fact, use EV website information to
> > protect users as I described.  Presumably they know what they are doing.
> 
> 
> Sorry that it sounded like I'm arguing. I'm just trying to understand the
> premise, since it so obviously has security holes that would make EV
> certificates more dangerous for any user who relied on such services.
> 
> Could you point to the browsing phishing filters and anti-phishing services
> that do? It might be an opportunity for you to find out how they deal with
> this, and report back, so we don't have to presume anything.

Let's hear directly from the experts - can you get someone from Google Safe 
Browsing to post to this list, and then we can all ask him or her our questions 
and get the definitive answers.  Thanks.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to