<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Calibri">We are also getting complaints from some of our
customers, as we are unable to show them where such UI change was
documented, and they think the blame is ours (somehow).<br>
<br>
Adriano<br>
<br>
<br>
</font>
<div class="moz-cite-prefix">Il 26/01/2015 17:09, Dean Coclin ha
scritto:<br>
</div>
<blockquote
cite="mid:14D026C7F297AD44AC82578DD818CDD037FFF38C32@TUS1XCHEVSPIN35.SYMC.SYMANTEC.COM"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Thanks Stephen.
Is that documented anywhere? While I recall reading a lot
about deprecated UIs for SHA-1 certs, I don’t remember
anything about the “identity validated” piece being
different. If that’s the case, it’s extremely misleading to
end users who have no idea nor are expected to know what
SHA1 even is.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Dean<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Stephen Davidson [<a class="moz-txt-link-freetext" href="mailto:S.Davidson@quovadisglobal.com">mailto:S.Davidson@quovadisglobal.com</a>]
<br>
<b>Sent:</b> Saturday, January 24, 2015 2:09 PM<br>
<b>To:</b> Ben Wilson; Dean Coclin; CABFPub
(<a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a>)<br>
<b>Subject:</b> RE: Chrome security warning discrepancy?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">In Chrome all
valid SSL normally have “identity verified”. The difference
is that DV and OV show the URL, while EV shows the Subject
O.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I think Chrome
is showing “identity not verified” for SHA1-based certs with
validity into 2016. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Regards,
Stephen<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Ben Wilson<br>
<b>Sent:</b> Saturday, January 24, 2015 2:58 PM<br>
<b>To:</b> Dean Coclin; CABFPub (<a
moz-do-not-send="true"
href="mailto:public@cabforum.org">public@cabforum.org</a>)<br>
<b>Subject:</b> Re: [cabfpub] Chrome security warning
discrepancy?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Dean wrote,
“Does anybody understand this?”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">My response –
“no”.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> <a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Dean Coclin<br>
<b>Sent:</b> Saturday, January 24, 2015 9:55 AM<br>
<b>To:</b> CABFPub (<a moz-do-not-send="true"
href="mailto:public@cabforum.org">public@cabforum.org</a>)<br>
<b>Subject:</b> [cabfpub] Chrome security warning
discrepancy?<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I recently downloaded the newest version of
Chrome (Version 40.0.2214.91 m) and am now baffled by the
certificate information. Here are 2 examples:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This screen shot shows <a
moz-do-not-send="true" href="https://www.Marriott.com">https://www.Marriott.com</a>.
First it shows the green lock and https as a normal indication
of a secure connection. But below it says the site is using
outdated security settings. I thought if it said this, then we
would see a yellow indication (triangle or question mark)
above. Have things changed?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Further, it says “Identity not verified”
even though the site has undergone OV vetting and all
information in the cert about the company was checked.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><img id="Picture_x0020_1"
src="cid:part8.07060702.01040906@staff.aruba.it" border="0"
height="604" width="364"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Contrast this to the 2<sup>nd</sup> site
below, <a moz-do-not-send="true"
href="https://www.carbon2cobalt.com/statuslogin.asp">https://www.carbon2cobalt.com/statuslogin.asp</a>
which has a DV cert yet says “Identity verified”:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><img id="Picture_x0020_3"
src="cid:part10.06090103.02040802@staff.aruba.it" border="0"
height="546" width="316"><o:p></o:p></p>
<p class="MsoNormal">Both sites have had their domain names
“validated” yet why say “Identity verified” with a DV cert and
not an OV cert?<o:p></o:p></p>
<p class="MsoNormal">Does anybody understand this?<br>
<br>
Thanks,<br>
Dean<o:p></o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<i><span style="font-family: Serif">Adriano Santoni</span></i>
</div>
</body>
</html>