Penetration Testing mailing list archives

SSL EV Certificates

From: pand0ra <pand0ra.usa () gmail com>
Date: Wed, 19 Aug 2009 14:47:15 -0600

I was wondering what everyone thought of the EV (Extended Validation)
certificates. Verisign has a document that says the EV certs do not do
code/content signing though the regular class 3 certificates do. Is
this a issue to worry about? I know there is a issue out there that
compromises the browser and can fake the green bar that makes the EV
cert feel safe. Aside from that I would like to know if it is a worthy
investment in security or a marketing ploy. What are your thoughts?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

SSL EV Certificates pand0ra (Aug 21)
- Re: SSL EV Certificates Jan Schejbal (Aug 21)
- Re: SSL EV Certificates David Howe (Aug 24)