> On Oct 2, 2019, at 3:11 PM, Kurt Roeckx <[email protected]> wrote: > > On Wed, Oct 02, 2019 at 02:48:56PM -0700, Paul Walsh wrote: >> On Oct 2, 2019, at 12:52 AM, Kurt Roeckx via dev-security-policy >> <[email protected]> wrote: >>> >>> On 2019-10-02 09:20, Kurt Roeckx wrote: >>>> On 2019-10-02 02:39, Paul Walsh wrote: >>>>> >>>>> According to Ellis, the goal for a customer survey is to get feedback >>>>> from people who had recently experienced "real usage" of the product. The >>>>> key question in the survey for these people according to Ellis, is: >>>>> >>>>> "How would you feel if you could no longer rely on MetaCert's green >>>>> shield? >>>> No, the question he would be asking is: >>>> "How would you feel if you could no longer use MetaCert's EV certificates?" >>> >>> And it's probably better to even turn that into: >>> How would you feel if you could no longer buy MetaCert's EV certificates? >> >> [PW] MetaCert is not a CA. We don’t have any relationships with any CAs >> either. > > Well, for what Ellis is talking about, it's asking about a > product, and how the user would feel if that product can't be used > anymore. > > That just shows that there are users that want your product, not > that everybody wants it.
I’m not sure I understand the point you would like me to take from this. Not every person in the world wants to use Firefox. That doesn’t stop Mozilla from building browser software. No company in the world tries to sell to everyone. If most people want browser UI for website identity, are you saying we shouldn’t give it to them because everyone didn’t proactively say they wanted it? > >> Our research was aimed at end-users, as I said previously. We have proof >> that users want to use a visual indicator for trust. And we also >> demonstrated that it’s possible to protect users with well designed browser >> UI/UX. > > Sure, there will be users that want that, nobody is denying that. Great. Perhaps we can talk about the things that we agree on. > >> In separate research, CAs have shown data to demonstrate that website owners >> want to have their identity verified. > > They have not. In fact, I would say that most website owners are perfectly > happy with DV certificates. What’s your source of data to substantiate what you “would say”? We need to start talking about facts and data. > > > Kurt > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
