Kyle Hamilton:
>> Indeed everything not coming from the same web site which is otherwise
>> EV should be blocked. It's something like "mixed content"...
>>
>
> So, you're stating that you propose that anyone using EV is suddenly
> required (due to the Subject restriction) to move ALL aspects of the
> website in-house, and are either barred from using third-party
> services that are better than any code they can come up with or are
> required to obtain EV certificates with their own Subject for
> individual instances of every third-party service that they use?

Yes, why not? Having multiple sub domains or even different domains 
within the same (EV) certificate isn't an issue, but when visiting an EV 
site, I'd expect to stay on the EV site. EV is meant to be for 
high-profile sites which have a well known brands...just read the EV 
guidelines.

I really expect Paypal not to use Google Analytics (no matter how good 
those are).

>
> Sure.  How much does it cost per-EV certificate?

Huuu? Nobody ever worried about the costs (besides me), why of a sudden 
should that matter now?

> And, don't any of
> the EV guidelines state that the private key associated with the
> certificate must always be in the hands of the organization named in
> the Subject?

Did I propose something different?

>
> And, out of curiosity, does StartCom have an EV root?
>

Soon to come :-)

-- 
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to