Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

["Hughes, Scott GRE-MG" <SHughes () GREnergy com>]

On Sep 11, 2011, at 9:44 PM, "Christopher Morrow" <morrowc.lists () gmail com> wrote:

> On Sun, Sep 11, 2011 at 10:23 PM, Jimmy Hess <mysidia () gmail com> wrote:
> > On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
> > <morrowc.lists () gmail com> wrote:
> >
> > > what's the real benefit of an EV cert? (to the service owner, not the
> > > CA, the CA benefit is pretty clearly $$)
> >
> > The benefit is to the end user.
> > They see a green address bar  with the company's name displayed.
> >
> > Yeah, company's name displayed -- individuals cannot apply for EVSSL certs.
>
> this isn't really a benefit though, is it? isn't the domain-name in
> the location bar doing the same thing?

No. As a counter example... How may domain names do Wells Fargo and Citibank (Citi Corp? Citi Group?) operate 
respectively? I'm a customer, and I can't keep it straight. 

Companies that wrap their services with generic domain names (paymybills.com and the like) have no one to blame but 
themselves when they are targeted by scammers and phishing schemes. Even EV certificates don't help when consumers are 
blinded by subsidiary companies and sister companies daily (Motorola Mobility a.k.a. Google vs. Motorola Solutions.)


NOTICE TO RECIPIENT: The information contained in this message from
Great River Energy and any attachments are confidential and intended
only for the named recipient(s). If you have received this message in 
error, you are prohibited from copying, distributing or using the
information. Please contact the sender immediately by return email and
delete the original message.