[cabfpub] Chrome security warning discrepancy?

Chema Lopez clopez at firmaprofesional.com
Mon Jan 26 08:38:46 MST 2015


Yes, for goodness' sake!!

2015-01-25 16:25 GMT+01:00 Ben Wilson <ben.wilson at digicert.com>:

> Time for an international treaty on browser security indicators?
>
> See
> http://en.wikipedia.org/wiki/Vienna_Convention_on_Road_Signs_and_Signals#Traffic_lights
> .
>
> *From:* Stephen Davidson [mailto:S.Davidson at quovadisglobal.com]
> *Sent:* Saturday, January 24, 2015 12:09 PM
> *To:* Ben Wilson; Dean Coclin; CABFPub (public at cabforum.org)
> *Subject:* RE: Chrome security warning discrepancy?
>
>
>
> In Chrome all valid SSL normally have “identity verified”.  The difference
> is that DV and OV show the URL, while EV shows the Subject O.
>
>
>
> I think Chrome is showing “identity not verified” for SHA1-based certs
> with validity into 2016.
>
>
>
> Regards, Stephen
>
>
>
>
>
>
>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org
> <public-bounces at cabforum.org>] *On Behalf Of *Ben Wilson
> *Sent:* Saturday, January 24, 2015 2:58 PM
> *To:* Dean Coclin; CABFPub (public at cabforum.org)
> *Subject:* Re: [cabfpub] Chrome security warning discrepancy?
>
>
>
> Dean wrote, “Does anybody understand this?”
>
>
>
> My response – “no”.
>
>
>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org
> <public-bounces at cabforum.org>] *On Behalf Of *Dean Coclin
> *Sent:* Saturday, January 24, 2015 9:55 AM
> *To:* CABFPub (public at cabforum.org)
> *Subject:* [cabfpub] Chrome security warning discrepancy?
>
>
>
> I recently downloaded the newest version of Chrome (Version 40.0.2214.91
> m)  and am now baffled by the certificate information. Here are 2 examples:
>
>
>
> This screen shot shows https://www.Marriott.com. First it shows the green
> lock and https as a normal indication of a secure connection. But below it
> says the site is using outdated security settings. I thought if it said
> this, then we would see a yellow indication (triangle or question mark)
> above. Have things changed?
>
>
>
> Further, it says “Identity not verified” even though the site has
> undergone OV vetting and all information in the cert about the company was
> checked.
>
>
>
>
>
> Contrast this to the 2nd site below,
> https://www.carbon2cobalt.com/statuslogin.asp which has a DV cert yet
> says “Identity verified”:
>
>
>
> Both sites have had their domain names “validated” yet why say “Identity
> verified” with a DV cert and not an OV cert?
>
> Does anybody understand this?
>
> Thanks,
> Dean
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>


-- 
[image: AC Firmaprofesional S.A.] <http://www.firmaprofesional.com/>




*Chema López González AC Firmaprofesional S.A.*


Av. Torre Blanca, 57.
Edificio ESADECREAPOLIS - 1B13

08173 Sant Cugat del Vallès. Barcelona.
Tel: 93.477.42.45 / 666.429.224

El contenido de este mensaje y de sus anexos es confidencial. Si no es el
destinatario, le hacemos saber que está prohibido utilizarlo, divulgarlo
y/o copiarlo sin tener la autorización correspondiente. Si ha recibido este
mensaje por error, le agradeceríamos que lo haga saber inmediatamente al
remitente y que proceda a destruir el mensaje.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150126/56af5ab3/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 56335 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20150126/56af5ab3/attachment-0002.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 23665 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20150126/56af5ab3/attachment-0003.png 


More information about the Public mailing list