Hacker News
by Scott_Helme_ 2499 days ago
As the organisations that stand to benefit financially from selling these indicators, perhaps it's CAs that should invest in the research? CAs seem to constantly point at the browsers as the party responsible for doing that research, but I don't see why.

Totally agreed CAs dropped the ball on research too. It's not an either/or thing: browser makers need to ensure their security UX helps people understand what they're connecting to and CAs need to do the same and additionally ensure their verification processes are robust.
But, didn't browser vendors do that and that's why the EV indicator is being moved to a less prominent location?..
No, browser vendors have not tested verification markers that are consistent with other platforms. See the top post in this thread.
That's not what I asked, that's a straw man.

Browser vendors have tested the efficacy of the current EV indicator, resulting in the current action.

If you feel that testing an alternative indicator consistent with other platforms is a good idea, then perhaps that's where the CAs should start their research.

>>>> browser makers need to ensure their security UX helps people understand what they're connecting to

>>> But, didn't browser vendors do that

>> No, browser vendors have not tested verification markers that are consistent with other platforms.

> That's not what I asked, that's a straw man.

Doesn't seem like much of a straw man to me. Investigating whether browser security UX helps people understand what they're connecting to logically includes looking at designs other than the current one.

> then perhaps that's where the CAs should start their research.

Yes. And browsers too.