On Thu, Aug 29, 2019 at 5:18 PM Kirk Hall via dev-security-policy < [email protected]> wrote:
> > In this case, the use of EV certificates, and the presumption of > > reputation, would lead to actively worse security. > > > > Did I misunderstand the scenario? > > Don't argue with me, argue with the browser phishing filters and > anti-phishing services who do, in fact, use EV website information to > protect users as I described. Presumably they know what they are doing. Sorry that it sounded like I'm arguing. I'm just trying to understand the premise, since it so obviously has security holes that would make EV certificates more dangerous for any user who relied on such services. Could you point to the browsing phishing filters and anti-phishing services that do? It might be an opportunity for you to find out how they deal with this, and report back, so we don't have to presume anything. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
