<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Microsoft YaHei UI";
panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@Microsoft YaHei UI";
panose-1:2 11 5 3 2 2 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML \9884\8BBE\683C\5F0F Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"\6279\6CE8\6846\6587\672C Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.HTMLChar
{mso-style-name:"HTML \9884\8BBE\683C\5F0F Char";
mso-style-priority:99;
mso-style-link:"HTML \9884\8BBE\683C\5F0F";
font-family:Consolas;
color:black;}
span.Char
{mso-style-name:"\6279\6CE8\6846\6587\672C Char";
mso-style-priority:99;
mso-style-link:\6279\6CE8\6846\6587\672C;
font-family:"Microsoft YaHei UI",sans-serif;
color:black;}
span.TextodegloboCar
{mso-style-name:"Texto de globo Car";
mso-style-priority:99;
mso-style-link:"Texto de globo";
font-family:"Tahoma",sans-serif;}
p.Textodeglobo, li.Textodeglobo, div.Textodeglobo
{mso-style-name:"Texto de globo";
mso-style-priority:99;
mso-style-link:"Texto de globo Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
p.HTMLPreformatted, li.HTMLPreformatted, div.HTMLPreformatted
{mso-style-name:"HTML Preformatted";
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
p.BalloonText, li.BalloonText, div.BalloonText
{mso-style-name:"Balloon Text";
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma",sans-serif;}
span.EmailStyle28
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle29
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle30
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle31
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle32
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle33
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle34
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle35
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle36
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle37
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle38
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle39
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>Hi all,<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>I think we not only need to add DV and OV OID to end user certificate, but also the browsers <b>should downgrade the DV UI</b> to tell users that this site true identity is not verified! SSL not just for encryption, but also for identity, identity is more important than secure in now cyber situation.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>Currently, all browser treat DV UI same as OV, this is NOT acceptable:<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><img width=303 height=122 id="_x56fe__x7247__x0020_1" src="cid:image002.png@01CFF815.5E6A4C20"></span><span style='font-family:"Calibri",sans-serif;color:#1F497D'> Chrome display a GREEN padlock like OV and say “Identity verified”, is this info correct?<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>I like the DV UI of Comodo Dragon browser, it display a problem padlock and say “domain ownership verified”, this is the correct information for end user, DV SSL only verified domain ownership, NOT the website identity! <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><img width=303 height=131 id="_x56fe__x7247__x0020_2" src="cid:image003.png@01CFF815.5E6A4C20"></span><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>I wish all browsers can <b>downgrade the DV UI like Comodo browser</b>, this is very fair to OV SSL user and benefit end user, this will help end user to know this site true identity is not verified. Sure, the basis is the SSL certificate must have the DV OID for easy identification for browsers and third party.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>Currently, all spoof websites are using DV SSL to cheat end user this site has same padlock as OV SSL since the DV SSL is easy to get and cheap even free.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>All comments are welcome, I wish the DV SSL will die in the future since the site identity is more important than encryption, spoof site has SSL is no any good meaning and is more dangerous than no SSL.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Best Regards,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Richard<o:p></o:p></span></p></div><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Dean Coclin<br><b>Sent:</b> Thursday, October 30, 2014 10:34 PM<br><b>To:</b> public@cabforum.org<br><b>Subject:</b> Re: [cabfpub] OIDs for DV and OV<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p></div></body></html>