nanog mailing list archives
Re: EV SSL Certs
From: Coy Hile <coy.hile () coyhile com>
Date: Mon, 12 Sep 2011 12:08:56 +0000
On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow <morrowc.lists () gmail com> wrote:what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$)The benefit is to the end user. They see a green address bar with the company's name displayed. Yeah, company's name displayed -- individuals cannot apply for EVSSL certs. With normal certs, the end user doesn't see a green address bar, and instead of the company's name displayed "(unknown)" is displayed and "This web site does not supply ownership information." is displayed. If you ask me, hiding the company's name even when present on a non-EVSSL cert is tantamount to saying "Only EV-SSL certs are really trusted anyways". So maybe instead of these shenanigans browser makers should have just started displaying a "don't trust this site" warning for any non-EVSSL cert.
As an academic aside, exactly what would one set on his (internal) root CA so that internally-trusted certs signed by that CA would show up as EV certs?
Current thread:
- Re: EV SSL Certs Coy Hile (Sep 12)
- Re: Re: EV SSL Certs Cody Rose (Sep 12)
- Re: EV SSL Certs Jimmy Hess (Sep 12)
- Re: EV SSL Certs Coy Hile (Sep 12)