Gervase Markham wrote:
> The EV distinction is clear. And EV exists precisely because the line
> between DV and IV/OV is fuzzy, and it would have been very difficult to
> correctly discern the difference programmatically.

This is a key point worth emphasizing. We use the terms "IV" and "OV", but they don't really mean anything in objective terms; they just mean that a CA claims to verify identity in some manner, with the exact means varying from CA to CA. In order to implement a strong UI distinction between traditional IV/OV certs and DV certs we would have to determine exactly what each CA is doing, have some sort of objective standard against which we could compare each CA's practices, and enforce such a standard. This would have been a very onerous task, and that's exactly why we supported the CAB Forum initiative to define exactly such a standard, i.e., the EV guidelines.

As I wrote before, EV certs are really what CAs were/are supposed to be doing according to traditional ideas of (X.509) PKI, and I would be happy to see the CA market divide into EV certs and non-EV certs, with the former used for all high-value transactions and the latter relegated to low-value transactions, personal and small group sites, etc.

Frank

--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto