82
edits
Security:EV: Difference between revisions
→Contra
No edit summary |
(→Contra) |
||
| Line 19: | Line 19: | ||
* The CA/Browser forum, which maintains the standard, is not accessible to all the CAs in the Mozilla root certificate store, because of the requirement for a Webtrust audit. | * The CA/Browser forum, which maintains the standard, is not accessible to all the CAs in the Mozilla root certificate store, because of the requirement for a Webtrust audit. | ||
* While the Mozilla project has one vote in the Forum, we cannot control for certain how the EV guidelines may change in the future. | * While the Mozilla project has one vote in the Forum, we cannot control for certain how the EV guidelines may change in the future. | ||
* [http://www.usablesecurity.org/papers/jackson.pdf | * It has been suggested[http://www.usablesecurity.org/papers/jackson.pdf] that some UI presentations of EV are ineffective against phishing. | ||
* The standard has been criticized for a very high ''barrier to entry'' for middle and smaller sized CAs, without providing any benefits to relying parties because of low or non-existent liability[http://financialcryptography.com/mt/archives/000835.html]. | |||
== Proposals and Suggestions == | == Proposals and Suggestions == | ||