[llvm-dev] Bugzilla invalid certificate issues

Joerg Sonnenberger via llvm-dev llvm-dev at lists.llvm.org
Tue Feb 14 04:54:40 PST 2017


On Mon, Feb 13, 2017 at 07:57:37PM -0600, Stephen Checkoway via llvm-dev wrote:
> As an aside, EV certs don't really offer a guarantee of identity
> validation (indeed EV certs have been misissued in the past [1]).
> They're really a form of Jackson's and Barth's "finer-grain origin"
> [2] which, as they point out, isn't respected by the browser's same
> origin policy. Although I'm not aware of any studies on this, I'd be
> shocked if even expert users noticed that a site moved from EV certs
> to DV certs. There's much more security to be had with HSTS.

Generally, there are two visible differences:
(1) Historically, browsers used to display EV vs DV with different
colors. I think they gave up on this.
(2) The insurance sum tends to be greater.

Technically, there is no point to EV and I agree that HSTS is likely the
better deal. That said, let the admin work it out.

Joerg
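HSTS is the one technical recommendation in this exchange that lends itself to a concrete check. The following is an added example, not code from the llvm-dev thread or from the LLVM project: it parses a Strict-Transport-Security header value according to RFC 6797 and reports the weaknesses a site operator would want to know about (missing or short max-age, no includeSubDomains, no preload). The header values used in the docstring are constructed for illustration; the one-year threshold is the browser preload list's requirement, not something the RFC mandates, and the `preload` directive itself is a browser extension rather than part of RFC 6797.

```python
"""Parse and assess Strict-Transport-Security (HSTS) header values.

Added example, not code from the llvm-dev thread. Header values such as
"max-age=31536000; includeSubDomains; preload" are constructed samples.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# RFC 6797 sets no minimum for max-age. The browser preload list requires
# at least one year; that threshold is this example's assumption.
ONE_YEAR = 365 * 24 * 3600


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool  # not in RFC 6797; a browser (Chromium) extension


def parse_hsts(header_value: str) -> Optional[HstsPolicy]:
    """Parse an STS header field value into an HstsPolicy.

    Directive names are case-insensitive and may carry quoted values.
    RFC 6797 section 6.1 requires each directive to appear at most once
    and requires max-age; a header violating either rule is ignored by
    user agents, so None is returned to mean "no HSTS policy".
    """
    seen = set()
    max_age = None
    include_subdomains = False
    preload = False
    for raw in header_value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in seen:
            return None  # duplicate directive: whole header is invalid
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"\d+", value):
                return None  # max-age must be a non-negative integer
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # Unknown directives are ignored, as RFC 6797 requires.
    if max_age is None:
        return None  # max-age is the one required directive
    return HstsPolicy(max_age, include_subdomains, preload)


def assess_hsts(header_value: str) -> List[str]:
    """Return findings about a header value; an empty list means no issues."""
    policy = parse_hsts(header_value)
    if policy is None:
        return ["no valid HSTS policy (missing max-age, malformed value, "
                "or duplicated directive)"]
    findings = []
    if policy.max_age == 0:
        # max-age=0 tells the browser to forget the host, not to pin it.
        findings.append("max-age=0 removes the policy instead of enforcing HTTPS")
    elif policy.max_age < ONE_YEAR:
        findings.append(f"max-age {policy.max_age}s is shorter than one year")
    if not policy.include_subdomains:
        findings.append("includeSubDomains absent: subdomains can still be "
                        "reached over plain HTTP")
    if not policy.preload:
        findings.append("preload absent: the very first visit is unprotected")
    return findings


if __name__ == "__main__":
    for sample in ("max-age=31536000; includeSubDomains; preload",
                   "max-age=86400",
                   "max-age=0",
                   "includeSubDomains"):
        print(f"{sample!r}: {assess_hsts(sample) or 'OK'}")
```

Run it with no arguments to see the verdict for each constructed sample; the interesting cases are `max-age=0`, which browsers treat as an instruction to drop the host from their HSTS store, and a header that omits `max-age`, which is not a weak policy but no policy at all.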

