Kyle Hamilton: > > Even in the case where you require all-EV content, if you try to > perform any additional matching of the Subject (which is what needs to > be matched anyway) you're going to break third-party data feeds and > services. For example, in the aforementioned case, even if Google > were EV'd, what would the chrome look like? Whose name would be on > it? And if that level of paranoia exists, why isn't there a > preference to disable non-EV content and/or EV content where the > Subject on the cert doesn't match the initial request to the EV site? >
Indeed everything not coming from the same web site which is otherwise EV should be blocked. It's something like "mixed content"... -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
