Is anyone else in a position to? Arguably Let's Encrypt's sponsors do by funding the project that will eventually bring down the CA industry, but aside from that browsers are the main party with any influence.
I read @hanno's "telling the industry" as removing EV from UI. I think others mentioned it explicitly in some branches of the thread.
-
-
Huh, I'm familiar with the argument that ev is useless, and agree. I'm not familiar with the argument that ev is harmful, is that what you're claiming?
-
Yeah. See https://stripe.ian.sh/ and especially the Safari behavior.
-
I don't think you can have it both ways here, either ev is useless, or ev is not useless and attacks against the ev ui are harmful. Either way weak proof for the incendiary claim that "browser people" don't care about the user.
-
In the case of Safari, the EV UI actually *suppresses* the user's only easy way of seeing that the site is not the one they intended to visit.
-
In general, special UI presentation for EV is misleading to users, gives false sense of security and wrongly implies non-EV sites are less secure.
-
I don't disagree, but this has nothing to do with the thread you replied to and certainly doesn't prove that "browser people" don't care about users. Does your crypt() implementation support DES? Who's back pocket are you in to support DES in 2018?

-
FWIW I don't think they "don't care about users". I just think they give too much weight to interests of other parties who aren't the user. It's improving in some areas, but slowly.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
