I had a realization about EV certs recently: They don't make any sense if you have any third party content. Do people agree with that?
-
-
however not sure how practical this is with keep-alive and http2. can mitm force different connections for different requests?
-
well, another way to do this is to let the browser cache an evil script ahead of time. Caching isn't bound to cert/network/...
- 8 more replies
New conversation -
-
-
ok, interesting idea. So ... EV doesn't make any sense at all ever in any scenario?
-
it assures you that a domain is associated with a specific company. Apart from that, it doesn't really make your TLS connection safer
- 3 more replies
New conversation -
-
-
but maybe I just don't understand which property of EV you're talking about
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.