Apple's browser seems to have the best Extended Validation (EV) support now. FWIW, the webpki crate (Rust) doesn't support EV (certificate policies or related extensions) at all: https://github.com/briansmith/webpki/blob/68fcf3dd3b7f90fc51ebde1397da7b6f5d1e4034/src/cert.rs#L153-L155 ….
-
-
Is anyone working on improving that?
-
If/when Firefox decides to remove its EV indicator UI, then they can remove almost all the CP code from mozilla::pkix, making it even simpler/better. However, in the eyes of the PKI experts the simplicity/goodness is what they consider bad.
-
PKIX specs (RFC 5280) were probably written w/ the expectation that products would implement most/all of the complexity specified. However much is technically optional. mozilla::pkix (webpki even moreso) takes advantage of those technicalities to implement as little as possible.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.