On Wed, Oct 02, 2019 at 02:48:56PM -0700, Paul Walsh wrote: > On Oct 2, 2019, at 12:52 AM, Kurt Roeckx via dev-security-policy > <[email protected]> wrote: > > > > On 2019-10-02 09:20, Kurt Roeckx wrote: > >> On 2019-10-02 02:39, Paul Walsh wrote: > >>> > >>> According to Ellis, the goal for a customer survey is to get feedback > >>> from people who had recently experienced "real usage" of the product. The > >>> key question in the survey for these people according to Ellis, is: > >>> > >>> "How would you feel if you could no longer rely on MetaCert's green > >>> shield? > >> No, the question he would be asking is: > >> "How would you feel if you could no longer use MetaCert's EV certificates?" > > > > And it's probably better to even turn that into: > > How would you feel if you could no longer buy MetaCert's EV certificates? > > [PW] MetaCert is not a CA. We don’t have any relationships with any CAs > either.
Well, for what Ellis is talking about, it's asking about a product, and how the user would feel if that product can't be used anymore. That just shows that there are users that want your product, not that everybody wants it. > Our research was aimed at end-users, as I said previously. We have proof that > users want to use a visual indicator for trust. And we also demonstrated that > it’s possible to protect users with well designed browser UI/UX. Sure, there will be users that want that, nobody is denying that. > In separate research, CAs have shown data to demonstrate that website owners > want to have their identity verified. They have not. In fact, I would say that most website owners are perfectly happy with DV certificates. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
