On Fri, Aug 30, 2019 at 10:22 AM Kirk Hall via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> I'll just reiterate my point and then drop the subject. EV certificate > subject information is used by anti-phishing services and browser phishing > filters, and it would be a loss to the security ecosystem if this EV data > disappears (meaning that the decision on removal of the EV UI has greater > repercussions than just whether or not users can tell in the primary UI if > their website does or does not have any confirmed identity information). > Kirk, I have to admit that the first time I ever heard of browser phishing filters and Internet security products (such as Trend Micro, Norton, Mcafee, etc) differentiating between DV and EV SSL certificates as part of their algorithm is in this thread, from you. As someone who has a website, I would really appreciate it if you could point to where this is documented. This morning I looked at a couple of network security vendor products I've used and couldn't find any indication they differentiate, but if there are ones that do it would certainly influence my personal decision on the kind of certificates to use and to recommend others to use. I'm not personally aware of anyone doing this. Are you aware of any product literature that discusses this? Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
