Heikki Toivonen wrote: > > Some people have pushed for making SSL errors such that you cannot just > click OK and proceed to the site. I'd like to see that happen. Interesting! Can you be more specific on what you propose here? > > Hmm, so is your suggestion that instead of EV we should use something > like petnames instead? I don't think petname-like systems alone can > solve the problem nor do I think EV alone can solve the problem. I think > we need both. This thread is about discussing EV. > The anti-pishing tool put forward by Google-Mozilla is very effective. Other tools exists additionally. Digital certification is rarely used by the 200,000 plus pishing sites, but digital certification solves different problems, such as protection by encryption and identity verification for sharing of information.
This thread is about, if and how the UI should be affected - if at all - when encountering a EV certificate. EV certification is a new and under development standard in addition to many others, including common policies and practices of CA's. Currently I have seen opposition to this from various sides. > I fail to find the logic in not letting me know the identity of the > website operators I want to do business with. > And I fail to understand, why you shouldn't know the identity of the web site operator? -- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
_______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
