by My1 2474 days ago
EVs and security is a fun topic, including obvious sarcasm. They generally are more secure for 3 reasons:

1) hardfail on revocation checks
2) you can't get around any errors generated by an EV
3) you can't fake them by truststore manipulation (except IE and maybe Edge) as the EV roots are hard compiled into the browser and not dependent on the external trust store.

Validation would have been a 4th reason if it weren't for all the obvious problems with it, especially lately.

The problem is what people imply or are made to imply from different cert types.

Back in the day people were told to just check for the lock, which obviously is dumb considering now everyone can get a DV for free.

Then, with EV, CAs told people that sites with EV are more trustworthy. Obviously nonsense considering the excluded usages of EVs in the cabforum documents. EVs are only supposed to make a hard link between an offline and online legal entity, and even that failed with stripe.ian.sh (although that's not exactly the fault of EVs).

EVs now get so much higher implied security that the real vs. implied security ratio is obviously very ugly, while DVs, becoming standard, obviously have much more real security than implied (if people check the URL bar correctly).

1 comment

That is a good point, I didn't know most of it and it sheds a whole new light on the EV topic for me. Especially 3) is a bombshell to me, as I was under the impression that, at least theoretically, the users have control over who they trust.