Well, I think I need to ask this question:

Who are we trying to protect by being part of the EV system?

Are we trying to protect the sites that have EV certificates?  (no)
Are we trying to protect the trust that we're trying to build in the
EV infrastructure?  (yes)
Are we trying to protect the CAs and the trust that they're trying to
build?  (not really)
Are we trying to protect the Mozilla Foundation?  (yes)

Or are we trying to protect the users who have to deal with sites that
have security exploits pop up?  (YES.)

The overriding concern seems to be to protect the users, and protect
the trust in the EV structure.  The fact that in order to do that we
also incidentally have to help the sites with the EV certificates is
secondary, and shouldn't even be a concern.

Do not cut off the nose to spite the face.  Do not try to make a point
that will, by being made, destroy what many people have been trying to
build.

-Kyle H

On Thu, Jul 3, 2008 at 11:44 PM, Eddy Nigg <[EMAIL PROTECTED]> wrote:
> Kyle Hamilton:
>> https://www.paypal.com/cgi-bin/webscr/cgi-bin/webscr?cmd=_ssr&return=http%3A%2F%2Fpaypal-cgi-bin.s6.pl/?cgi-bin.webscrcmd=_login-run.webscrcmd=_account-run.DisputeTransactionID.2LC956793J776333Y
>>
>> This is a valid PayPal URL that issues a redirect to an external site,
>> which just happens (at this moment) to spoof the PayPal layout.
>
> They really should eat their own brew they cook! Whereas the Mozilla
> community is every now soooo concerned about providing phishing
> protection for Paypal by all means, they give a damn.
>
> --
> Regards
>
> Signer: Eddy Nigg, StartCom Ltd.
> Jabber: [EMAIL PROTECTED]
> Blog:   https://blog.startcom.org
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>