On Mon, 28 Oct 2019 16:19:30 -0700 Paul Walsh via dev-security-policy <firstname.lastname@example.org> wrote: > If you believe the visual indicator has little or no value why did > you add it?
The EV indication dates back to the creation of Extended Validation, and so the CA/Browser forum, which is well over a decade ago now. But it inherits its nature as a positive indicator from the SSL padlock, which dates back to the mid-1990s when Netscape developed SSL. At the time there was not yet a clear understanding that negative indicators were the Right Thing™, and because Tim's toy hypermedia system didn't have much security built in there was a lot of work to do to get from there to here. Plenty of other bad ideas date back to the 1990s, such as PGP's "Web of Trust". I doubt that Wayne can or should answer for bad ideas just because he's now working on good ideas. Nick. _______________________________________________ dev-security-policy mailing list email@example.com https://lists.mozilla.org/listinfo/dev-security-policy