Re: Question on necessity of SSL_CTX_set_client_CA_list

On 12/6/18 10:03 AM, Jakob Bohm via openssl-users wrote:
> On 05/12/2018 17:59, Viktor Dukhovni wrote:
>> IIRC Apple's Safari is ending support for EV, and some say that EV
>> has failed, and are not sorry to see it go.
>
> This is very bad for security.  So far the only real failures have
> been:
> 
> 1. Some cloud provider(s) actively want to reduce all TLS security to
>   the anonymous form provided by Let's encrypt, and are doing their worst
>   to sabotage EV providing CAs.

Quoting from Peter Gutmann's "Engineering Security",
section "EV Certificates: PKI-me-Harder"

    Indeed, cynics would say that this was exactly the problem that
    certificates and CAs were supposed to solve in the first place, and
    that “high-assurance” certificates are just a way of charging a
    second time for an existing service.

I fully agree with the above and I'm also for removing this crap from
the browser UI.

Ciao, Michael.
