So what should we do as users, well as one person pointed out they plan
to boycott all Microsoft products that contain additions to their
software that supports EV certificates but we can do much more then
that. Remember the only ones to benefit from this are large commercial
CAs such as Verisign, and browsers via kick backs, although it seems
Verisign has spun this so well they won’t need to pay anyone a cent.
This will effect the 99% of small businesses (or even medium sized
business) that can’t justify spending the big bucks to get EV
certificates, it will effect partnerships, sole traders and even in most
cases Universities. If you ever expect to get an EV cert and you’re not
a bank or big company, well forget it, even if you had the money to
cover it, the standard is set so high that you wouldn’t be eligible in
any case.
If you ever thought of running a business over the internet now is the
time to have your say otherwise it could be too late to voice an opinion.
EV certs are being touted by Microsoft as preventing phishing, but as so
few phishing attacks utilise SSL at present this claim is laudable at best.
http://blog.cacert.org/2006/11/194.html
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
"The CA/Browser Forum is a voluntary _*open*_ organization of
certification authorities and vendors of Internet browser
software and other applications."
It's about as open as Microsoft's kernel...
>
> EV certs are being touted by Microsoft as preventing phishing, but as so
> few phishing attacks utilise SSL at present this claim is laudable at best.
With currently only 0.25 % of pishing sites using SSL certification
(including self signed) as shown on this list earlier (source
netcracft), this is certainly the wrong reason for EV
certification...even the guidelines themselves, lists pishing only as
secondary purpose...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390