Agreed! Did you read our proposal on the Extended Validation Certificates thread? Shall I post it here as well?
Tyler Close wrote: > On 11/7/06, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote: >> Duane wrote: >> > Since phishing exists happily with no SSL, why would they start using >> > SSL all of a sudden now that EV's are being discussed? >> > >> Somehow I have to agree with this statement. EV certificates solve >> perhaps partially a certification problem, not necessarily the pishing >> problem. > > Section B.2.(b) of the Draft EV Guidelines also states that the EV > proposal only secondarily addresses phishing. It seems EV is neither > proposed to have, nor believed to have, a major impact on the phishing > problem as it exists today. > > Change to a primary user interface widget in the browser, such as the > Address bar, is a major change. Unless the proposed change promises > immediate and dramatic improvement, I don't see why there should be > any rush to adoption. Surely we have time for user studies and other > debate over the impact of the change. This particular bucket of water > is not aimed at the fires that concern us most. > > Given the serious problems with browser security, such as phishing and > XSS, I don't understand why the EV proposal is consuming any of > Mozilla's precious development resources or affecting any release > plans. Shouldn't the EV proposal be developing as just another addon, > like any other low-to-mid priority change? Why is it jumping straight > to consideration by Mozilla for inclusion in the mainline code? > > Tyler > -- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
_______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
