On 8/22/2019 1:43 PM, kirkhalloregon--- via dev-security-policy wrote:
I can tell you that anti-phishing services and browser phishing filters have also have concluded that EV sites are very unlikely to be phishing sites and so are safer for users.
Whatever the merits of EV (and perhaps there are some -- I'm not convinced either way) this data is negligible evidence of them. A DV cert is sufficient for phishing, so there's no reason for a phisher to obtain an EV cert, hence very few phishing sites use them, hence EV sites are (at present) mostly not phishing sites.
-R _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
