[cabfpub] downgrade DV UI RE: OIDs for DV and OV

Richard Wang richard at wosign.com
Tue Nov 4 13:09:07 UTC 2014

How about display “domain ownership verified” instead of “Identity verified”


And if can’t downgrade DV, then how about upgrade that display padlock and organization name near the padlock like EV, but the address bar still white, not green.


I think browser should have the different UI for DV and OV SSL.



Best Regards,




-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Tuesday, November 4, 2014 5:39 PM
To: Richard Wang; Dean Coclin; public at cabforum.org
Subject: Re: [cabfpub] downgrade DV UI RE: OIDs for DV and OV


On 04/11/14 01:52, Richard Wang wrote:

> I think we not only need to add DV and OV OID to end user certificate, 

> but also the browsers *should downgrade the DV UI* to tell users that 

> this site true identity is not verified!


I disagree with that as a blanket statement.


There are many Internet businesses which are known simply by their domain name. "match.com", and so on. For them, a DV certificate, which proves that the holder of the certificate owns match.com, has verified their identity to a degree which is often sufficient.


Clearly, this is not all you need in every case, but it's not true to say that "identity is not verified" for DV certificates. It depends what sort of identity verification an end user needs.


> Chrome display a GREEN padlock like OV and say “Identity verified”, is 

> this info correct?


It says that underneath a reprint of the domain name - which is the piece of identity which has been verified.


> All comments are welcome, I wish the DV SSL will die in the future 

> since the site identity is more important than encryption, spoof site 

> has SSL is no any good meaning and is more dangerous than no SSL.


DV is the only plausible route to the web being secure by default. It is not going to go away.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141104/7c8fa028/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5099 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141104/7c8fa028/attachment-0001.p7s>

More information about the Public mailing list