[144445] in North American Network Operators' Group
Re: EV SSL Certs
daemon@ATHENA.MIT.EDU (Coy Hile)
Mon Sep 12 08:09:43 2011
Date: Mon, 12 Sep 2011 12:08:56 +0000
From: Coy Hile <coy.hile@coyhile.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>
> On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
> <morrowc.lists@gmail.com> wrote:
>
>> what's the real benefit of an EV cert? (to the service owner, not the
>> CA, the CA benefit is pretty clearly $$)
>
> The benefit is to the end user.
> They see a green address bar =A0with the company's name displayed.
>
> Yeah, company's name displayed -- individuals cannot apply for EVSSL cert=
s.
>
>
> With normal certs, the end user doesn't see a green address bar, and
> instead of the company's
> name displayed "(unknown)" is displayed and
> "This web site does not supply ownership information." =A0is displayed.
>
> If you ask me, hiding the company's name even when present on a non-EVSSL
> cert is tantamount to saying =A0"Only EV-SSL certs are really trusted any=
ways".
>
> So maybe =A0instead of these shenanigans browser makers should have just
> started displaying a "don't trust this site" warning for any non-EVSSL ce=
rt.
>
As an academic aside, exactly what would one set on his (internal)
root CA so that internally-trusted certs signed by that CA would show
up as EV certs?
