[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Richard Wang richard at wosign.com
Wed Feb 15 05:49:37 UTC 2017


According to my knowledge, in the SSL history, OV SSL is the standard SSL certificate before DV SSL and EV SSL come out. DV SSL is a deformed products invented by GeoTrust for fast issuance and reduce cost, it is widely used by fraud websites after it came out, then come out EV SSL to solve the problem.

True Identity and trust is more important than encryption only.

Best Regards,


From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Christian Heutger via Public
Sent: Tuesday, February 14, 2017 8:49 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Christian Heutger <ch at psw.net>
Subject: Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

> DV is the standard of SSL certificates on the market. No browser or user agent recognizes OV as providing any value-added security (as communicated to users), so if you believe it does, it's likely due to CAs suggesting such, not browsers. EV is a technically flawed

> standard whose value to cost is also questionable, and which is also not the standard for which we (Google) want to bring to market to customers.

DV is somehow worth nothing on the view of trust. It’s encryption only, nothing else. DV wouldn’t require the authentication part of the SSL/TLS protocol, as if the server is the server, that’s the only thing, which is proven, why there should be any authentication. Certificates are about to proof identity, provide trust, where to submit details to (not only, that they are transmitted secure, but they also are transmitted secure to the right place). It’s wrong, that OV is not recognized, it’s wrong, if EV would be removed. It damages all the education, which has been done on https, it damages all the trust in secure internet, it damages the whole internet. As meanwhile the european union with eIDAS trys to improve electronical transaction through europe and settles standards like qualified web server certificates, I read here steps backward to an unsecure internet. I’m worring about such a future.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170215/1cdee5bb/attachment-0003.html>

More information about the Public mailing list