I had a realization about EV certs recently: They don't make any sense if you have any third party content. Do people agree with that?
-
-
Replying to @hanno
if you think third-party scripts matter here, why not same-origin non-EV scripts?
2 replies 1 retweet 0 likes -
Replying to @tehjh
not sure I follow. don't all same-origin scripts have the same cert?
1 reply 1 retweet 0 likes -
Replying to @hanno
two HTTPS connections to the same server can get different certs
3 replies 1 retweet 0 likes -
Replying to @tehjh
ok, interesting idea. So ... EV doesn't make any sense at all ever in any scenario?
2 replies 0 retweets 1 like -
Replying to @hanno
it assures you that a domain is associated with a specific company. Apart from that, it doesn't really make your TLS connection safer
1 reply 0 retweets 0 likes -
Replying to @tehjh
but it doesn't protect that an attacker capable of forging DV certs can mess with your connection
2 replies 0 retweets 0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.