On Mon, 28 Oct 2019 16:19:30 -0700
Paul Walsh via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
> If you believe the visual indicator has little or no value why did
> you add it? 

The EV indication dates back to the creation of Extended Validation,
and so the CA/Browser forum, which is well over a decade ago now.

But it inherits its nature as a positive indicator from the SSL
padlock, which dates back to the mid-1990s when Netscape developed SSL.
At the time there was not yet a clear understanding that negative
indicators were the Right Thing™, and because Tim's toy hypermedia
system didn't have much security built in there was a lot of work to
do to get from there to here.

Plenty of other bad ideas date back to the 1990s, such as PGP's "Web of
Trust". I doubt that Wayne can or should answer for bad ideas just
because he's now working on good ideas.

dev-security-policy mailing list

Reply via email to