Re: EV SSL Certs

[Coy Hile <coy.hile () coyhile com>]

> On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
> <morrowc.lists () gmail com> wrote:
>
> > what's the real benefit of an EV cert? (to the service owner, not the
> > CA, the CA benefit is pretty clearly $$)
>
> The benefit is to the end user.
> They see a green address bar  with the company's name displayed.
>
> Yeah, company's name displayed -- individuals cannot apply for EVSSL certs.
>
>
> With normal certs, the end user doesn't see a green address bar, and
> instead of the company's
> name displayed "(unknown)" is displayed and
> "This web site does not supply ownership information."  is displayed.
>
> If you ask me, hiding the company's name even when present on a non-EVSSL
> cert is tantamount to saying  "Only EV-SSL certs are really trusted anyways".
>
> So maybe  instead of these shenanigans browser makers should have just
> started displaying a "don't trust this site" warning for any non-EVSSL cert.

As an academic aside, exactly what would one set on his (internal)
root CA so that internally-trusted certs signed by that CA would show
up as EV certs?