by snowwrestler 2503 days ago
Corporate name collisions are not a problem that EV was intended to solve.

The point of an EV is that it ties TLS authentication back to a legal identity. Ian even helpfully points out that the two "Stripe" companies, his and the famous payment company, have different corporate filings. He even links to them!

I would argue that this demonstrates, not disproves, the value of EV. A DV cert would not be traceable to any corporate filing at all.

1 comments

> The point of an EV is that it ties TLS authentication back to a legal identity. Ian even helpfully points out that the two "Stripe" companies, his and the famous payment company, have different corporate filings. He even links to them!

But that doesn't matter. The whole point of EV was that users would see the name in the address bar and trust it. If the model requires users to click through and read the details of the corporate filings, then EV was already a failure before it began.

> The whole point of EV was that users would see the name in the address bar and trust it.

This is not the point of EV. That's what I'm trying to say here.

It's obvious this would never be 100% reliable because sometimes the corporation has a different (lesser known) name from the popular product, and sometimes company names are similar.

The idea that EV only works if consumers 100% recognize and trust every possible green name is a strawman that was propped up to be knocked down.

But it literally is the selling point. If customers aren't expected to see the green text in the status bar and implicitly trust it, then EV has no value whatsoever. Because 0.00000001% of people will actually click through to see anything past the company name. Hell, I don't even have the slightest clue how to see the corporate filings. When I click through to see chase.com's certificate all I know is it's a company "JPMorgan Chase and Co." in NYC and it was issued by something called "Entrust, Inc."