Apple's browser seems to have the best Extended Validation (EV) support now. FWIW, the webpki crate (Rust) doesn't support EV (certificate policies or related extensions) at all: https://github.com/briansmith/webpki/blob/68fcf3dd3b7f90fc51ebde1397da7b6f5d1e4034/src/cert.rs#L153-L155 ….
-
Show this thread
-
Also, mozilla::pkix, the C++ library that Firefox uses for its EV indicator, only has the bare minimum certificate policy (CP) support necessary for Firefox's EV indicator UI. The first PKI expert that looked at its CP code called it, not inaccurately, "a joke," to many LOLs.
1 reply 2 retweets 6 likesShow this thread -
-
Replying to @fbender_dev
If/when Firefox decides to remove its EV indicator UI, then they can remove almost all the CP code from mozilla::pkix, making it even simpler/better. However, in the eyes of the PKI experts the simplicity/goodness is what they consider bad.
1 reply 0 retweets 1 like
PKIX specs (RFC 5280) were probably written w/ the expectation that products would implement most/all of the complexity specified. However much is technically optional. mozilla::pkix (webpki even moreso) takes advantage of those technicalities to implement as little as possible.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.