On Monday, September 12, 2011 12:08:56 PM Coy Hile wrote:
On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
<morrowc.lists@gmail.com> wrote:
what's the real benefit of an EV cert? (to the service owner, not the CA, the CA benefit is pretty clearly $$)
The benefit is to the end user. They see a green address bar with the company's name displayed.
Yeah, company's name displayed -- individuals cannot apply for EVSSL certs.
With normal certs, the end user doesn't see a green address bar, and instead of the company's name displayed "(unknown)" is displayed and "This web site does not supply ownership information." is displayed.
If you ask me, hiding the company's name even when present on a non-EVSSL cert is tantamount to saying "Only EV-SSL certs are really trusted anyways".
So maybe instead of these shenanigans browser makers should have just started displaying a "don't trust this site" warning for any non-EVSSL cert. As an academic aside, exactly what would one set on his (internal) root CA so that internally-trusted certs signed by that CA would show up as EV certs?
The certificate would need a authority specific OID included in the extension field and you would have to modify the browser to acknowledge the OID as legitmate. Regards, Cody Rose NOC & Sys Admin