Kyle Hamilton wrote: > My view: > > Anything that comes from an EV-validated site should be viewed as > being approved by that EV-validated site.
Right. So shouldn't we be concerned if it's possible, by subverting DNS, to make this not true for EV+DV mixed sites? > The details of the contracts are very unimportant to the end-user. > The EV site is bound by its own privacy policy, and it's bound to > ensure contractually that every site that it delegates to, every > business that it delegates any function to, adheres to a minimum > standard described by and defined by its privacy policy. In what jurisdictions are privacy policies themselves legally binding? Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
