[cabfpub] downgrade DV UI RE: OIDs for DV and OV

Ryan Sleevi sleevi at google.com
Tue Nov 4 03:25:14 UTC 2014


On Nov 3, 2014 5:54 PM, "Richard Wang" <richard at wosign.com> wrote:
>
> Hi all,
>
> I think we not only need to add DV and OV OIDs to end-user certificates,
> but the browsers should also downgrade the DV UI to tell users that this
> site's true identity is not verified! SSL is not just for encryption, but
> also for identity; identity is more important than security in the current
> cyber situation.
>
> Currently, all browsers treat the DV UI the same as OV; this is NOT
> acceptable:
>
> Chrome displays a GREEN padlock like OV and says “Identity verified”; is
> this info correct?
>
> I like the DV UI of the Comodo Dragon browser: it displays a problem
> padlock and says “domain ownership verified”. This is the correct
> information for the end user; DV SSL only verifies domain ownership, NOT
> the website identity!
>
> I wish all browsers would downgrade the DV UI like the Comodo browser; this
> is very fair to OV SSL users and benefits end users, and it will help end
> users know that this site's true identity is not verified. Sure, the basis
> is that the SSL certificate must have the DV OID for easy identification
> by browsers and third parties.
>
> Currently, all spoof websites are using DV SSL to cheat end users that this
> site has the same padlock as OV SSL, since DV SSL is easy to get and cheap,
> even free.
>
> All comments are welcome. I wish DV SSL will die in the future, since
> site identity is more important than encryption; a spoof site having SSL
> has no good meaning and is more dangerous than no SSL.
>

That is correct, because SSL is not an anti-spoofing mechanism, despite
some marketing it as such. DV is the single most important mechanism for
securing the internet, and desiring a world without DV is to ignore the
significant - but perhaps commercially uninteresting - value it provides.

This is just the same conversation of having browsers recognize OV, which
none of the main browser vendors have expressed any interest in doing (and
indeed, have made clear remarks against). While unsurprising to see a
browser from a CA doing this, you are unlikely to see it elsewhere.

>
> Best Regards,
>
> Richard
>
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dean Coclin
> Sent: Thursday, October 30, 2014 10:34 PM
> To: public at cabforum.org
> Subject: Re: [cabfpub] OIDs for DV and OV