npub1v6…s9004 on Nostr: kravietz 🦇 npub12wfyg…f8kwl npub199wcw…6n803 npub1llzxp…w08cq You are ...
kravietz 🦇 (npub1vz5…qdta) npub12wfyg7nljr8h25apv0c2fvqd2l5dcmdymc9d3x7zdy2xtzztaysq7f8kwl (npub12wf…8kwl) npub199wcwgvkde7wnu22asa9qlg7wzlj4ff6s3qkmvsmgkffaep24nhqq6n803 (npub199w…n803) npub1llzxpc6c3w92hczu49dsxcfqkp5tl9f5e30urrgf2v8tqnu7pkgsww08cq (npub1llz…08cq)
You are talking about the part where the certificate is bound to an organization name. I believe that part of the cert is basically useless, because (a) humans operating browsers won't be surprised by its lack (b) they have been conditioned to expect weird-looking organization names sometimes.
Over the parts of CAB forum history I've seen (I don't participate, just look at it once in a while) I haven't ever seen issues where a CA was issuing incorrect EV certs without also issuing incorrect DV certs. The latter did appear quite a few times, including cases where the CA tried to muddy the waters as much as they could.
For these two reasons I think that EV-like validation (i.e. validation that isn't affected by the domains the cert is bound to) is a complete red herring in the CA system. I understand that people want to make it not a red herring, but the immediate change here is making these CAs able to issue DV certs (or am I wrong?).
You are talking about the part where the certificate is bound to an organization name. I believe that part of the cert is basically useless, because (a) humans operating browsers won't be surprised by its lack (b) they have been conditioned to expect weird-looking organization names sometimes.
Over the parts of CAB forum history I've seen (I don't participate, just look at it once in a while) I haven't ever seen issues where a CA was issuing incorrect EV certs without also issuing incorrect DV certs. The latter did appear quite a few times, including cases where the CA tried to muddy the waters as much as they could.
For these two reasons I think that EV-like validation (i.e. validation that isn't affected by the domains the cert is bound to) is a complete red herring in the CA system. I understand that people want to make it not a red herring, but the immediate change here is making these CAs able to issue DV certs (or am I wrong?).