On Fri, 13 Apr 2012 16:25:26 +0300 Henri Sivonen wrote: > (Dunno how important this > concern is. That is, I don't know how realistic it is for a MITM to > gain the capability to fake non-EV certificates but not to gain the > capability to fake EV certificates.)
EV certs are pointless except for making money for CAs as sites worry unfortuantely quite rightly that without an EV they will lose customers. In security terms the world is worse with the false sense of security that EV brings than without EV at all. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
