EV SSL Certs

Coy Hile coy.hile at coyhile.com
Mon Sep 12 07:08:56 CDT 2011


>
> On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
>
>> what's the real benefit of an EV cert? (to the service owner, not the
>> CA, the CA benefit is pretty clearly $$)
>
> The benefit is to the end user.
> They see a green address bar  with the company's name displayed.
>
> Yeah, company's name displayed -- individuals cannot apply for EVSSL certs.
>
>
> With normal certs, the end user doesn't see a green address bar, and
> instead of the company's
> name displayed "(unknown)" is displayed and
> "This web site does not supply ownership information."  is displayed.
>
> If you ask me, hiding the company's name even when present on a non-EVSSL
> cert is tantamount to saying  "Only EV-SSL certs are really trusted anyways".
>
> So maybe  instead of these shenanigans browser makers should have just
> started displaying a "don't trust this site" warning for any non-EVSSL cert.
>

As an academic aside, exactly what would one set on his (internal)
root CA so that internally-trusted certs signed by that CA would show
up as EV certs?



More information about the NANOG mailing list