Eddy Nigg (StartCom Ltd.) wrote: > 1.) Are Google AdWords secured by SSL to start with?
I presume this option is available; otherwise SSL sites couldn't use them without getting mixed content errors. Hmm... unless they are totally JS-driven. I don't know how they work for certain, so that could be the case. > 2.) Should secured pages include such content as third party adverts, > third party analytics and other stuff which might track movement and > content to a third party? Personally I think this would be a basic > breach of the initial purpose of privacy and encrypting content. Just like with any site, you need to assess the practices of the site before deciding to give them any information about yourself. EV doesn't change this; it just makes it more clear who owns the site. > I'd > rather not supply my personal details to (secured) site which has all > kinds of third party scripts included... Hmm. I guess we need to decide how we view the model. If we say that someone using an EV certificate at the top level is taking responsibility for whatever content they include, then actually we should be happy to use Microsoft's model - just use the EV-ness of the top-level page. Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
