On Oct 2, 2019, at 12:52 AM, Kurt Roeckx via dev-security-policy <[email protected]> wrote: > > On 2019-10-02 09:20, Kurt Roeckx wrote: >> On 2019-10-02 02:39, Paul Walsh wrote: >>> >>> According to Ellis, the goal for a customer survey is to get feedback from >>> people who had recently experienced "real usage" of the product. The key >>> question in the survey for these people according to Ellis, is: >>> >>> "How would you feel if you could no longer rely on MetaCert's green shield? >> No, the question he would be asking is: >> "How would you feel if you could no longer use MetaCert's EV certificates?" > > And it's probably better to even turn that into: > How would you feel if you could no longer buy MetaCert's EV certificates?
[PW] MetaCert is not a CA. We don’t have any relationships with any CAs either. We do not sell verification services to website owners. We’re doing verification at scale, for free. We generate revenue on the other end - selling security services as well as API access to the data. Trying to protect users from threats is clearly not working. So they need to know what’s verified as not-unsafe. I’m afraid to use the word safe too often because it’s vague. Our research was aimed at end-users, as I said previously. We have proof that users want to use a visual indicator for trust. And we also demonstrated that it’s possible to protect users with well designed browser UI/UX. In separate research, CAs have shown data to demonstrate that website owners want to have their identity verified. I haven’t seen any research / data to show why Mozilla should remove UI instead of improving it. FWIW my COO and engineers built the official Firefox add-ons for digg, Delicious, Yahoo!, eBay, PayPal, Google and Microsoft. And they built and maintained spreadfirefox .com - so we have a lot of experience working "with” Mozilla. We're blown away by the team’s decision to remove UI without any research to back up their decisions. Was there anything you disagreed with in my lengthy responses Kurt? Thanks, Paul _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
