Hi Paul,

I take the view that the articles on the CA Security Council website are a
form of marketing gimmick with no value whatsoever.

Thank you


On Tue, Oct 29, 2019 at 5:55 PM Paul Walsh via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> Hi Nick,
> > On Oct 29, 2019, at 7:07 AM, Nick Lamb <n...@tlrmx.org> wrote:
> >
> > On Mon, 28 Oct 2019 16:19:30 -0700
> > Paul Walsh via dev-security-policy
> > <dev-security-policy@lists.mozilla.org> wrote:
> >> If you believe the visual indicator has little or no value why did
> >> you add it?
> >
> > The EV indication dates back to the creation of Extended Validation,
> > and so the CA/Browser forum, which is well over a decade ago now.
> >
> > But it inherits its nature as a positive indicator from the SSL
> > padlock, which dates back to the mid-1990s when Netscape developed SSL.
> > At the time there was not yet a clear understanding that negative
> > indicators were the Right Thing™, and because Tim's toy hypermedia
> > system didn't have much security built in there was a lot of work to
> > do to get from there to here.
> >
> > Plenty of other bad ideas date back to the 1990s, such as PGP's "Web of
> > Trust". I doubt that Wayne can or should answer for bad ideas just
> > because he's now working on good ideas.
> [PW] I agree with your conclusion. But you’re commenting on the wrong
> thing. You snipped my message so much that my comment above is without
> context. You snipped it in a way that a reader will think I’m asking about
> the old visual indicators for identity - I’m not. I asked Wayne if he
> thinks the new Firefox visual indicator for tracking is unnecessary.
> I don’t want to labour my points any more. Those who disagree and took the
> time to comment, aren’t willing to exchange meaningful, constructive,
> respectful counter arguments. Those who disagree but aren’t commenting, may
> or may not care at all. And those who agree mostly show their support in
> private. I feel like this conversation is sucking up all the oxygen as a
> result.
> If we are all doing such a great job, attacks wouldn’t be on the rise and
> phishing wouldn’t be the number 1 problem. And we all know phishing is
> where a user falls for a deceptive website.
> One last time, here’s the article I wrote with many data points
> https://casecurity.org/2019/10/10/the-insecure-elephant-in-the-room/ <
> https://casecurity.org/2019/10/10/the-insecure-elephant-in-the-room/>
> I’m going to edit this article for Hackernoon, to include additional
> context about my support *for*encryption, https, padlock and free DV certs.
> I support them all, obviously. But some people assume I don’t support these
> critical elements because I pointed out the negative impact that their
> implementation is having.
> Thanks,
> - Paul
> >
> > Nick.
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
dev-security-policy mailing list

Reply via email to