EV SSL Certs
cody at killsudo.info
Mon Sep 12 13:37:19 UTC 2011
On Monday, September 12, 2011 12:08:56 PM Coy Hile wrote:
> > On Sun, Sep 11, 2011 at 9:08 PM, Christopher Morrow
> > <morrowc.lists at gmail.com> wrote:
> >> what's the real benefit of an EV cert? (to the service owner, not the
> >> CA, the CA benefit is pretty clearly $$)
> > The benefit is to the end user.
> > They see a green address bar with the company's name displayed.
> > Yeah, company's name displayed -- individuals cannot apply for EVSSL
> > certs.
> > With normal certs, the end user doesn't see a green address bar, and
> > instead of the company's
> > name displayed "(unknown)" is displayed and
> > "This web site does not supply ownership information." is displayed.
> > If you ask me, hiding the company's name even when present on a
> > non-EVSSL
> > cert is tantamount to saying "Only EV-SSL certs are really trusted
> > anyways".
> > So maybe instead of these shenanigans browser makers should have just
> > started displaying a "don't trust this site" warning for any non-EVSSL
> > cert.
> As an academic aside, exactly what would one set on his (internal)
> root CA so that internally-trusted certs signed by that CA would show
> up as EV certs?
The certificate would need a authority specific OID included in the extension
field and you would have to modify the browser to acknowledge the OID as
NOC & Sys Admin
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 230 bytes
Desc: This is a digitally signed message part.
More information about the NANOG