On Friday, December 15, 2017 at 4:06:02 PM UTC-6, Ryan Sleevi wrote: > It also perpetuates the myopic and flawed view as a phishing mitigation, > whose reliance is upon users checking it (again, user hostile)
Ryan, several times now you've characterized the expectation that users check that the name listed on an EV certificate matches their expectations as "user-hostile". Could you clarify why it is you believe this practice is user-hostile while at the same time, expecting users to check the domain name listed in the URL bar is not? (Or perhaps you believe that both practices are user-hostile?) _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
