Both mine and Ian's demonstrations never harmed or deceived anyone as they were proof of concept. The EV certs were properly validated to the EV guidelines. Both companies are legitimate. So what's the issue? None.
On Thu, Apr 12, 2018 at 8:05 PM, Eric Mill via dev-security-policy < [email protected]> wrote: > On Thu, Apr 12, 2018 at 2:57 PM, Eric Mill <[email protected]> wrote: > > > > > > Of course, that would break his proof-of-concept exploit. Which is the > >> right outcome. It demonstrates that an EV certificate used in a manner > >> which might cause confusion will be revoked. They're not stopping him > from > >> publishing. He can still do that, without the benefit of an EV > certificate. > >> > > > > The stripe.ian.sh site itself is not likely to cause confusion, and was > > not an exploit. Here's what stripe.ian.sh looks like right now: > > > > (Inline images don't appear to play too well with m.d.s.p, so I've attached > the image to this email.) > > -- > konklone.com | @konklone <https://twitter.com/konklone> > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
