On 2007-02-05, Heikki Toivonen <[EMAIL PROTECTED]> wrote: > Ben Bucksch wrote: >> Even if we have generic UI (like green bar), it does not help us, if we >> have nothing to back it up. We should not show "Good" unless we're sure >> the site is *trustworthy* - not just verified address/identity, not on >> blacklist, etc., but really a site that we can recommend. > > It has been said many times that EV is not about trustworthiness.
If EV contributes nothing to a measure of "trustworthiness", then what is the point of it? What the user actually wants to know is whether a site is trustworthy, and they will be making that decision based on their understanding of what the site and UI says, and the UI indications will be (at least partly) based on whether a site has an EV certificate. It may be impossible for EV to indicate trustworthiness in itself, but the result of it is part of how the user determines what to trust, so there is a connection. -- Michael _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
