[cabfpub] downgrade DV UI RE: OIDs for DV and OV

Richard Wang richard at wosign.com
Mon Nov 3 18:52:47 MST 2014 

Hi all,

 

I think we not only need to add DV and OV OID to end user certificate, but also the browsers should downgrade the DV UI to tell users that this site true identity is not verified! SSL not just for encryption, but also for identity, identity is more important than secure in now cyber situation.

Currently, all browser treat DV UI same as OV, this is NOT acceptable:

 Chrome display a GREEN padlock like OV and say “Identity verified”, is this info correct?

 

I like the DV UI of Comodo Dragon browser, it display a problem padlock and say “domain ownership verified”, this is the correct information for end user, DV SSL only verified domain ownership, NOT the website identity! 



 

I wish all browsers can downgrade the DV UI like Comodo browser, this is very fair to OV SSL user and benefit end user, this will help end user to know this site true identity is not verified.  Sure, the basis is the SSL certificate must have the DV OID for easy identification for browsers and third party.

 

Currently, all spoof websites are using DV SSL to cheat end user this site has same padlock as OV SSL since the DV SSL is easy to get and cheap even free.

 

All comments are welcome, I wish the DV SSL will die in the future since the site identity is more important than encryption, spoof site has SSL is no any good meaning and is more dangerous than no SSL.

 

 

Best Regards,

 

Richard

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dean Coclin
Sent: Thursday, October 30, 2014 10:34 PM
To: public at cabforum.org
Subject: Re: [cabfpub] OIDs for DV and OV

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141104/cc260c37/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 11389 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141104/cc260c37/attachment-0002.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 15560 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141104/cc260c37/attachment-0003.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5075 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141104/cc260c37/attachment-0001.bin

More information about the Public mailing list