Security:EV: Difference between revisions

Line 19: Line 19:
* The CA/Browser forum, which maintains the standard, is not accessible to all the CAs in the Mozilla root certificate store, because of the requirement for a Webtrust audit.
* The CA/Browser forum, which maintains the standard, is not accessible to all the CAs in the Mozilla root certificate store, because of the requirement for a Webtrust audit.
* While the Mozilla project has one vote in the Forum, we cannot control for certain how the EV guidelines may change in the future.
* While the Mozilla project has one vote in the Forum, we cannot control for certain how the EV guidelines may change in the future.
* Higher level of validation of the organization, similar to the proposed EV standard, exist and are offered already today by most CAs. It's the subscribers which makes the decision about which level of verification to perform. Therefore EV doesn't provide anything which isn't available today.
*  It has been suggested[http://www.usablesecurity.org/papers/jackson.pdf] that some UI presentations of EV are ineffective against phishing.
*  It has been suggested[http://www.usablesecurity.org/papers/jackson.pdf] that some UI presentations of EV are ineffective against phishing.
* The standard has been criticized for a very high ''barrier to entry'' for middle and smaller sized CAs, without providing any benefits to relying parties because of low or non-existent liability[http://financialcryptography.com/mt/archives/000835.html].
* The standard has been criticized for a very high ''barrier to entry'' for middle and smaller sized CAs, without providing any benefits to relying parties because of low or non-existent liability[http://financialcryptography.com/mt/archives/000835.html].
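Review bot: the bullet beginning "Higher level of validation of the organization", the only line that appears on one side of this diff, states its conclusion ("Therefore EV doesn't provide anything which isn't available today") without a source, while the two criticism bullets after it each link one. If the bullet stays, it should cite where this argument was made, as its neighbours do. Its agreement errors should also be fixed: "Higher levels of validation ... exist and are already offered today by most CAs" and "It is the subscribers who decide which level of verification to perform".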