In addition to the mail I just sent, I'd like to point out once again,
how exactly EV is already presented and marketed. Quoting from
http://www.verisign.com/ssl/ssl-information-center/faq/extended-validation-ssl-certificates.html
it says:
/What are the benefits of Extended Validation SSL to Web site
owners?/
/If your site has the “green bar” in IE 7 and your competitor’s site
does not, you appear to be more trusted and more legitimate. That’s a
competitive advantage in the world of e-commerce......When customers see
the green bar and the name of your security vendor, they can interact
with you online, with confidence./
This and more of the same can be expected in the context of EV...and
therefore you might be right with your suggestion below! So even your
suggestion would serve our interest because of the other objections we
have to the proposed EV standard, but right now I'm dead serious, that
this could backfire dangerously under certain circumstances!
Eddy Nigg (StartCom Ltd.) wrote:
Ben Bucksch wrote:
Probably. But I was talking about our browser UI here, not the EV
standard. I was just saying that we should not display /anything/
that implies "safe", at least not for companies like these.
I can't share the same experience concerning Paypal and similar sites,
but poking around the suggested web sites from the previous mail, some
information seems to be quite shocking! Should anything of this be
true (even partly), than this /might/ have legal consequences for any
browser vendor, if the the same browser suggests, that the site in
question can be /"trusted'/ or is /"safe"/ to use...I'm not a lawyer
and I'd suggest in any case to get some legal advice prior to making
any changes which might brake the current flat system and which would
suggest anything along these lines...
------------------------------------------------------------------------
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
