by Genbox 1611 days ago
I can totally understand your frustration. It is way too expensive for certificates and costs have gone off the rails.

Yes, browsers have removed the green trust bar.

Yes, ordinary users have to click on small buttons and manually check against different conventions used by CAs (naming, extensions, OID variants).

However, saying that EV provides no extra security is not entirely true. At least if we look outside the end-users of a website.

It is also used for:
- High security applications that have to ensure their services are trustworthy
- As confidence/trust factors in cyber threat intelligence (if you don't want to get blocked on a false positive, EV is your friend)
- In domain name research when trying to establish ownership
- In machine learning models as an indicator of verifiable trust
- Protects against website copying used in phishing campaigns

I'm focusing on HTTPS here as EV is much more relevant in PKI systems.

EV should be affordable, relevant, have good UX and provide identity security for end-users of browsers, but it is not. Until that changes, most website owners should not buy it.