On Thursday, August 29, 2019 at 3:10:49 PM UTC-7, Ryan Sleevi wrote:
> On Thu, Aug 29, 2019 at 5:18 PM Kirk Hall via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> > > In this case, the use of EV certificates, and the presumption of
> > > reputation, would lead to actively worse security.
> > >
> > > Did I misunderstand the scenario?
> >
> > Don't argue with me, argue with the browser phishing filters and
> > anti-phishing services who do, in fact, use EV website information to
> > protect users as I described.  Presumably they know what they are doing.
> Sorry that it sounded like I'm arguing. I'm just trying to understand the
> premise, since it so obviously has security holes that would make EV
> certificates more dangerous for any user who relied on such services.
> Could you point to the browsing phishing filters and anti-phishing services
> that do? It might be an opportunity for you to find out how they deal with
> this, and report back, so we don't have to presume anything.

Let's hear directly from the experts - can you get someone from Google Safe 
Browsing to post to this list, and then we can all ask him or her our questions 
and get the definitive answers.  Thanks.
dev-security-policy mailing list

Reply via email to