[llvm-dev] Bugzilla invalid certificate issues

Stephen Checkoway via llvm-dev llvm-dev at lists.llvm.org
Mon Feb 13 17:57:37 PST 2017

> On Feb 13, 2017, at 15:24, Chris Matthews <chris.matthews at apple.com> wrote:
> EV certs attempt validate the identity of the organization that holds them.  That is a nice assurance to have from a place that makes the thing that compiles your code.

Although I appreciate that concern, downloads are currently available only via http (or via https with a TLS cert warning about invalid common name) so any improvement here would be good (as just happened with bugs.llvm.org)

As an aside, EV certs don't really offer a guarantee of identity validation (indeed EV certs have been misissued in the past [1]). They're really a form of Jackson's and Barth's "finer-grain origin" [2] which, as they point out, isn't respected by the browser's same origin policy. Although I'm not aware of any studies on this, I'd be shocked if even expert users noticed that a site moved from EV certs to DV certs. There's much more security to be had with HSTS.

1. https://security.googleblog.com/2015/09/improved-digital-certificate-security.html
2. https://seclab.stanford.edu/websec/origins/fgo.pdf

Stephen Checkoway

More information about the llvm-dev mailing list