by dividuum 2249 days ago
The only reason to get EV certs is the supposedly "safe" green organization field. As demonstrated it can be circumvented by anyone with minimal monetary motivation. Why even bother in that case? I rate that as "does not help in any real way".

> As demonstrated it can be circumvented by anyone with minimal monetary motivation. Why even bother in that case?

Same goes for the lock on your door. Why do you bother? Just take it off.

I never said that. The alternative isn't no lock of course. It's the free lock that's equally safe to the one with the green "this is safe" sticker that you pay a premium for.

You do realize the "lock" in this analogy that you claimed "does not help in any real way" is the EV, not the encryption?

I'm not going to continue this argument as it seems pointless. There's a reason Chrome and others moved away from prominently showing EV properties:

https://chromium.googlesource.com/chromium/src/+/HEAD/docs/s...

There most certainly was a reason, just not your reason (circumvention). Read the page you linked to. It literally says "users did not notice it", "users do not notice their absence", "users do not react as intended to positive or neutral security UI". It was user-focused. Not attacker-focused.

But I do agree it's pointless to keep continuing this.