<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@宋体";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"纯文本 Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:宋体;}
span.Char
{mso-style-name:"纯文本 Char";
mso-style-priority:99;
mso-style-link:纯文本;
font-family:宋体;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ZH-CN link="#0563C1" vlink="#954F72" style='text-justify-trim:punctuation'><div class=WordSection1><p class=MsoPlainText><b><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D'>How about display “domain ownership verified” instead of “Identity verified”<o:p></o:p></span></b></p><p class=MsoPlainText><b><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoPlainText><b><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D'>And if can’t downgrade DV, then how about upgrade that display padlock and organization name near the padlock like EV, but the address bar still white, not green.<o:p></o:p></span></b></p><p class=MsoPlainText><b><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoPlainText><b><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D'>I think browser should have the different UI for DV and OV SSL.<o:p></o:p></span></b></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>Best Regards,<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>Richard<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>-----Original Message-----<br>From: Gervase Markham [mailto:gerv@mozilla.org] <br>Sent: Tuesday, November 4, 2014 5:39 PM<br>To: Richard Wang; Dean Coclin; public@cabforum.org<br>Subject: Re: [cabfpub] downgrade DV UI RE: OIDs for DV and OV</span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>On 04/11/14 01:52, Richard Wang wrote:<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>> I think we not only need to add DV and OV OID to end user certificate, <o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>> but also the browsers *should downgrade the DV UI* to tell users that <o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>> this site true identity is not verified!<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>I disagree with that as a blanket statement.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>There are many Internet businesses which are known simply by their domain name. "match.com", and so on. For them, a DV certificate, which proves that the holder of the certificate owns match.com, has verified their identity to a degree which is often sufficient.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>Clearly, this is not all you need in every case, but it's not true to say that "identity is not verified" for DV certificates. It depends what sort of identity verification an end user needs.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>> Chrome display a GREEN padlock like OV and say </span><span lang=EN-US style='font-family:"Calibri","sans-serif"'>“</span><span lang=EN-US>Identity verified</span><span lang=EN-US style='font-family:"Calibri","sans-serif"'>”</span><span lang=EN-US>, is <o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>> this info correct?<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>It says that underneath a reprint of the domain name - which is the piece of identity which has been verified.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>> All comments are welcome, I wish the DV SSL will die in the future <o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>> since the site identity is more important than encryption, spoof site <o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>> has SSL is no any good meaning and is more dangerous than no SSL.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>DV is the only plausible route to the web being secure by default. It is not going to go away.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>Gerv<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p></div></body></html>