EV certificates are dead - HabraHabr.Info

EV certificates are dead

That's it, I said it: extended validation certificates are dead. Of course, you can still buy them (and some companies will sell you with pleasure!), But their benefits have now decreased from “hardly” to “nonexistent”. The change was due to a number of factors, including the increasing popularity of mobile devices, the removal of the visual EV indicator from browsers, from iOS (and also from MacOS Mojave):

3r3r9959.
EV certificates are dead 3r3r9959.
3r311. 3r3r6956. 3r3r9959.
For illustration, I chose the Comodo website, because they showed such despair associated with selling EV, just a month ago sending me a sales letter with the heading "How to get the green address bar for your website." In the letter, they begin to tell the "alternative" version of the truth:

3r3r9959.
3r3r9959.
3r3r9959.
Indeed, this is what Firefox looks like today, but they completely forget to mention in an advertising letter that this is a purely arbitrary visual indicator that is left to the discretion of browser developers. Obviously, Apple has already killed him, but even for many people on Chrome, the Comodo website actually looks very different (Chrome experiment): 3r3959.
3r3r9959.
3r3r9959.
3r3r9959.
The letter says how EV fights phishing, and states the following: 3r3959.
3r3r9959.
3r33932. Displaying a verified company name allows you to quickly identify the legal entity behind the website, which makes phishing and deception difficult. 3r33339. 3r3r9959.
In other words, if we see the name of the company - this leads to a higher level of trust, and if we invert this statement, then if we are not we see the name of the company, this leads to a decrease in confidence, is not it The problem is that people are simply not expect r3r3946. see the name of the company, and there is a very simple, effective demonstration of why this is so:

3r3r9959.
3r3r9959.
3r33943. 3r33944. Ten largest sites in the world: there is no EV 3r3393945 anywhere. 3r33939. 3r3r9959.
3r3r9959.
Comodo continues to convince in the effectiveness of EV, citing a "recent study": 3r3-3959.
3r3r9959.
3r33932. “A recent DevOps.com study found that customers are 50% more likely to trust and buy on sites with a green address bar.” 3r33339. 3r3r9959.
They refer to r3r368. a long page in ComodoStore
and although this is not explicitly stated anywhere, the words imply that the research was somehow independent and impartial: “Devops.com did a survey,” and other similar phrases. I'm He made a comment on this back in July , but this screenshot says everything you need to know about the motives of the “survey”:

3r3r9959.
3r376. 3r3r9959.
3r3r9959.
I honestly tried to find out the customer of this work, first writing the author Tony Bradley, and not receiving a reply, I requested on twitter 3r3381. @TechSpective
where he is the chief editor, and @devopsdotcom (by the way, my followers) who published the poll:

3r3r9959.
3r33961. 3r33939.
Still trying to get an answer on this, can @RealTonyBradley , 3r3394. @TechSpective
or @devopsdotcom kindly clarify? The motives behind this study are 3r3r9959. 3r3r9959. Does anyone have a contact clarity? 3r3-300. https://t.co/Ylw9Jird1g
3r33921. - Troy Hunt (@troyhunt) August 2? 201 3r33339.
3r33926. 3r33973.
3r33975. 3r3r9959.
In the end, a completely obvious fact was confirmed by Tony Bradley. He apologized for the late reply, because he rarely logged on Twitter, and called the customer - Comodo CA. 3r3r9959.
3r3r9959.
3r33961. 3r33939.
Hey. My apologies for taking so long to respond. I post a lot, but rarely look at mentions or replies on Twitter. Report was commissioned by Comodo CA. 3r33921. - Tony Bradley (@RealTonyBradley) August 2? 201 3r33339.
3r33926. 3r33973.
3r33975. 3r3r9959.
I would like to see this indication in the report itself, because Comodo's involvement clearly leads to bias. It’s as if the oil company orders a report with the conclusion that fossil fuels are not harmful to the environment, or the tobacco company will declare that smoking is not harmful to health. If you still think that DevOps.com really believes in the "benefit" of EV certificates, take a look at their own:

3r3r9959.
3r3r9959.
3r3r9959.
This resource is repeatedly mentioned in the comodo mail advertising letter, but let's move on. They further declare that you can “activate the green address bar” by simply purchasing an EV certificate:

3r3r9959.
3r33932. "To activate the green address bar on your website, you just need to purchase and install the SSL Extended Validation (EV) certificate." 3r33339. 3r3r9959.
Only not in the world's most popular browser for iOS:

3r3r9959.
3r3152. 3r3r9959.
3r3r9959.
And not in Chrome for Android, the most popular OS in the world:

3r3r9959.
3r3161. 3r3r9959.
3r3r9959.
Let's take a look at Microsoft Edge on iOS, and again this predictable result:

3r3r9959.
3r33170. 3r3r9959.
3r3r9959.
This is very, very important screenshots that reduce the value of EV for two key reasons. First, already almost 2/3 of all page views in the world come from mobile devices 3r3956. . That is, the screenshots above show the prevailing view that the site owner should think about. Secondly, as a result, companies cannot tell their customers to expect EV, because most of them will never see it. Despite this, Comodo suggests that EV has the benefit of a “longer green security line”:

3r3r9959.
3r33932. "The big green security bar is a very clear signal to the user that the site is safe." 3r33339. 3r3r9959.
Do you know what exactly is such a signal? The green icon next to the Chrome URL on the desktop! And if you read it and think: “Wait, Chrome no longer does that,” then you are absolutely right. The icon no longer stands out and there is no word 3r3393943. Secure :

3r3r9959.
3r3193. 3r3r9959.
3r3r9959.
The change in Chrome 69 of September 4 affected not only DV, but also sites with EV:

3r3r9959.
3r3202. 3r3r9959.
3r3r9959.
Here I try to emphasize that visual indicators are completely at the discretion of browser developers and change over time. Thus, the phrase "How to get the green address bar on your site" is now even more incorrect than when it was written! In fact, the only more or less accurate representation of EV in this letter is the recognition that you are 3r3207. Can't get the certificate EV wildcard . But wait! There is an easily accessible solution, just a little more expensive, it is called multidomain certificate r3r3956. This option is the default for
Comodo's Enterprise SSL Pro with EV Multi-Domain really save you $ ??? *:

3r3r9959.
3r3r9959.
3r3r9959.
* Note: you need to spend $ ???? to get this savings

3r3r9959.
For clarity, this is not a four-year certificate. As the text below shows, the CA /B Forum rules limit the maximum validity of a certificate to two years, and then you need to manually repeat the verification and issuance process. But damn, it will not allow us to sell certificates for 4 years! 3r3r9959.
3r3r9959.
And what if you are not extend certificate? Well, you get is 3r3r6956. :

3r3r9959.
3r3r9959.
3r3r9959.
You might think, “Well, that’s kind of obvious, as is the case with DV,” but there are nuances. First, the neglect of certificate renewal occurs with alarming regularity, and this happens with big guys. For example, 3r34343. Microsoft forgot to update secure.microsoft.co.uk in 200? . Too long ago? They are did not renew the certificate for the Azure domain in 2013 . And of course, such problems are not only for Microsoft: well, HSBC forgot to renew the certificate in 2008 3r3956. ,
Instagram has this problem happened three years ago , and LinkedIn has last year . There are many, 3r3393943. a lot of [/i] Other examples, and they all make it clear the same truism: if there is an important and repetitive task, automate it! 3r3r9959.
3r3r9959.
Which brings me to the second point: updating the certificate should be automated, and this is something you simply cannot do if identity verification is required. With a DV certificate, automation is simple; it is the cornerstone of Let's Encrypt and a really important attribute of this service. Recently, I spent some time with the development team at a large European bank, and they were seriously thinking about abandoning EV for just that reason. In fact, not only for this reason, there was also a risk that they would need to get a new certificate very quickly (for example, because of the compromise of keys), which is much more difficult for EV than for DV. In addition, long-term certificates actually create additional risks due to 3r33259. broken revocation procedure
therefore, fast iterations (for example, Let's Encrypt certificates last 3 months) become an advantage. Certificates valid for two years are 3r3394343. not [/i] advantage, except in terms of making money on them

3r3r9959.
(Paradoxically, the LinkedIn story at the link above is linked to TheSSLStore.com which is a reseller of certificates. You understand the risks, but instead of offering automation as part of a certificate renewal solution, they offer solutions that "scale to enterprise level" Certification, such as Comodo, which, of course, pushes EV. There is no mention of Let's Encrypt. It is 3r3-33267 loudly criticized for issuing certificates to phishing sites 3r3956. same 3r3956.! 3r3959.
3r3r9959.
Lack of support for wildcard is one of the main technical the reasons why EV should be avoided (other reasons are basically just common sense), and filling in the subjectAltName field can hardly be called a sufficient alternative. For example, we have a wildcard certificate on our website Report URI 3r3956. , so you can send reports at https: //[my company name].report-uri.com, and we have hundreds of such subdomains. Comodo is happy to support this scale: 3r3r9959.
3r3r9959.
3r3r9959.
3r3r9959.
In addition, we have with
By Scott Helm There is really no $ 808 thousand, it is also far from the real wildcard certificate, because at the time of its issuance you will have to specify all host names instead of dynamic maintenance. 3r3r9959.
3r3r9959.
And the last point in this marketing letter is the promise of a guarantee:

3r3r9959.
3r3r9959.
3r3r9959.
It refers directly to the page with super expensive multi-domain EV certificates and does not even try to explain the essence of the guarantee, which is a bit strange. But it is quite understandable, because no one really knows what a guarantee is and whether anyone ever applied for it . Seriously - this should not be a frivolous statement, Scott and I honestly tried to figure it out at the beginning of the year - and simply could not get direct answers. When I managed to enter into a dialogue, I was accused of being “out of nerds”: 3r3-3959.
3r3r9959.
3r33961. 3r33939.
I’m trying to make it clear. Real customers want to know how to use it. Do you know? 3r33921. - Troy Hunt (@troyhunt) February 2? 201 3r33339.
3r33926. 3r33973.
3r33975. 3r3r9959.
3r33944. Dialogue:

3r33333. Andreas Mallek [/b] : Andy, these guys do not want to admit their difference - they are too much of a nerd to understand that normal people have different needs than people in Nerdville. I communicate both in Nerdville and in the normal world, focusing on the problems of my clients from the real world. See you 3r3959.
3r33333. Troy Hunt [/b] : Andreas, I asked a very reasonable question and this is important because the certificates are sold with a guarantee, and I try to understand what this means. Real customers want to know what this guarantee covers and are there documented examples of its use? Do you know about them? 3r33939. 3r3r9959.
3r3r9959.
By all accounts, this was a very unexpected answer not from anyone, but from the executive director 3r33337. CertCentre
After all, he seems to be the first to appreciate the high importance of a certificate guarantee (provided that it is really important, of course). If you pay such a company for a product with a stated set of functions, then being a “nerd” is quite normal to ask how these functions work, and this should not lead to ridicule from the guy who manages this company. Unfortunately, instead of answering the question, Andreas applied the tried and tested ostrich method:

3r3r9959.
3r33333. 3r3r9959.
3r3r9959.
What really raises questions is that the guarantee is sold for money (of course, you do not receive a guarantee with Let's Encrypt certificate), but they are not ready to explain thathtrno you get for your money. CertCentre also actively promotes the guarantee as an “element of the highest level of security” 3r3956. :

3r3r9959.
3r33354. 3r3r9959.
3r3r9959.
But friends, if you can't even write the word 3r3393943 correctly. Warranty [/i] What are the real chances of understanding what she is doing ?! 3r3r9959.
3r3r9959.
Another nail in the coffin of EV is 3r33333. Scott's semi-annual report Alexa Top 1M from last month. It provides encouraging statistics on the transition of sites from HTTP to HTTPS: 3r3959.
3r3r9959.
3r33333. 3r3r9959.
3r3r9959.
HTTPS sites are already 52%, which is very good for the Internet as a whole. But I was interested in such a comment regarding EV:

3r3r9959.
3r33932. “Despite the strong growth of HTTPS at the first million sites, there is no growth in the share of EV certificates.” 3r33339. 3r3r9959.
In numbers: in February, 36?005 sites forwarded HTTP requests to HTTPS and ??? of them used EV certificates, which is ???% of HTTPS sites. In August, 48?293 were redirected to HTTPS, and 2?158 of them had EV certificates, which is ???%. In other words, the EV market share declined by about 5%. 3r3r9959.
3r3r9959.
(Note: 48?293 really makes up 52% of the million sample, because of 47 thousand sites, scanning failed and they are excluded from the statistics). 3r3r9959.
3r3r9959.
It turns out that many sites are in fact refuse r3r3946. from EV certificates. A month ago, Scott provided a detailed list of large sites that used EV before. : among them are Shutterstock, Target, UPS and the British police. At about the same time I was Noticed 3r3956. that even Twitter abandoned EV. 3r3r9959.
3r3r9959.
The Twitter story is a bit strange, because in fact you could see whether or not the EV certificate was on their website, depending on your location. This also says something about the effectiveness of EV: if they are ready to remove or add it, then people are unlikely to behave differently and trust the site without EV less. But this is the basis on which the EV mechanic is built! 3r3r9959.
3r3r9959.
Misinformation campaigns are conducted not only by Comodo and CertCentre, but also by many others, for example:

3r3r9959.
3r33961. 3r33939.
An SSL guide at at
https://t.co/tmGYZ4eBPB 3r3155. #guide
3r33417. #evssl
3r33434. #ssl
3r33421. #sslcertificate
3r33434. #infosecurity
3r33434. pic.twitter.com/oPt2FWHnOg
3r33921. - AboutSSL (@aboutssl) August 1? 201 3r33339.
3r33926. 3r33973.
3r33975. 3r3r9959.
In addition to the selection of historical browsers (how old is this image ?!), in 3r3438. Article link 3r3956. The following statement is made: 3r3959.
3r3r9959.
3r33932. “Web security experts recommend using an EV SSL certificate for platforms such as e-commerce, banks, social media, healthcare, government, and insurance platforms.” 3r33339. 3r3r9959.
I'm not sure who they refer to in the first words, but I know that, apart from banks, this statement simply does not hold water for other industries. It is easy to demonstrate how fundamentally wrong it is. 3r3r9959.
3r3r9959.
Here is The world's largest e-commerce sites . Click each one and see if they have an EV:

3r3r9959.
3r33584.
3r? 3596. 3rr3461. Amazon
3r3599.
3r? 3596. 3r33466. Netflix
3r3599.
3r? 3596. 3r33471. eBay 3r3956. 3r3599.
3r3601. 3r3r9959.
You can say that Alexa incorrectly classified Netflix as an e-commerce site, well then look at the next most popular walmart.com - and get the same result. There is no EV anywhere. 3r3r9959.
3r3r9959.
Moving on. C 3r3484. social media is the same situation
:

3r3r9959.
3r33584.
3r? 3596. Facebook 3r3599.
3r? 3596. Twitter 3r3599.
3r? 3596. LinkedIn 3r3599.
3r3601. 3r3r9959.
As discussed earlier, Twitter has a small identity crisis in terms of whether it supports EV, so for faithfulness, check out the fourth largest website: this is 3r33510. Pinterest
. 3r3r9959.
3r3r9959.
On 3r?316. The world's most popular health care sites
the same:

3r3r9959.
3r33584.
3r? 3596. 3r33525. National Health Institute 3r3956. 3r3599.
3r? 3596. 3r? 3530. WebMD 3r3956. 3r3599.
3r? 3596. 3r33535. Mayo Clinic
3r3599.
3r3601. 3r3r9959.
No EV. At all. Not the only one. 3r3r9959.
3r3r9959.
I could not find a clear list of the largest public websites, so I pulled the data out of 3r-3546. night crawling Alexa Top 1M from Scott
and chose the largest sites in the .gov zone. The National Institute of Health is the largest, but we have already reviewed it, so we take the following three: 3r3959.
3r3r9959.
3r33584.
3r? 3596. 3r33555. Indian Agency for Unique Identification
(which has 3r33557. other fundamental problems with HTTPS support
) 3r35999.
3r? 3596. 3r? 3562. The Tax Inspectorate of India
3r3599.
3r? 3596. 3r? 3567. GOV.UK
3r3599.
3r3601. 3r3r9959.
By now, you have already realized that the chance to meet EV is at least somewhere minimal. You are right - not a single hit. 3r3r9959.
3r3r9959.
Finally, 3r33578. top insurance sites
:

3r3r9959.
3r33584.
3r? 3596. 3r33587. United Services Automobile Association
3r3599.
3r? 3596. 3r? 3592. Kaiser Permanente
3r3599.
3r? 3596. 3r? 3597. Geico
3r3599.
3r3601. 3r3r9959.
We found one! USAA really has an EV certificate! The other two don't, but that's at least something, right? 3r3r9959.
3r3r9959.
If “web security experts” recommend EV for these classes of sites, then obviously these sites do not listen to them. So such recommendations are poetic. 3r3r9959.
3r3r9959.
Another set of unsubstantiated claims about SSL is that EV "increases the conversion of transactions", "reduces the departure from the shopping cart" and "protects against phishing attacks." One can understand why they make such statements: the reason is visible in the form of buttons immediately below the text:

3r3r9959.
3r31616. 3r3r9959.
3r3r9959.
So, we are back to a clear bias. But hey, they are just trying to do business, so I understand the motives. You can still assume that starting such a business, they themselves would like to increase the conversion, is not it? Well, that's funny:

3r3r9959.
3r33625. 3r3r9959.
3r3r9959.
Even the EV seller is smart enough not to spend money on it! In addition, we recall that the “green address bar” itself has now completely disappeared thanks to the most popular browser in the world, which killed it in version 69.

3r3r9959.
There is an argument with phishing. It is often stated that EV somehow reduces it. This is what is stated on the slide from the Entrust presentation since the beginning of this year:

3r3r9959.
3r3638. 3r3r9959.
3r3r9959.
There are a whole bunch of frauds here, and for the best analysis read this thread 3r3956. from Ryan Slevi. He analyzed 3r33645. study 3r3r6956. on which the slide is based. 3r3r9959.
3r3r9959.
Ryan is a very smart cryptographer who works on Chromium, and he has an excellent ability to display any nonsense clearly. In the end he is
sums up the situation r3r3956. : “In general, this is a bad article. But even worse, they are trying to pass it off as a “data” study. At the same time, an erroneous methodology and a selective approach are used to support a business model that relies on users who are fully responsible for detecting changes in the user interface. ” 3r3r9959.
3r3r9959.
That is, we return to the fact that EV will be effective only if people change their behavior due to a change in UI. In reality, people do not know what to pay attention to, and this change itself gradually ceases to exist. Either the change is too insignificant for people to pay attention to it. Remember the first screenshot in the article where Safari browser no longer displays the registered company name in the EV certificate? Compare it with the screenshot of my blog, also open in Safari on iOS 12:

3r3r9959.
3r3661. 3r3r9959.
3r3r9959.
See the difference? The EV site URL and the castle next to it are now green, while the DV site is in black. Therefore, now, in order to create a corresponding expectation among users, they need to say to look for green URL and lock unless they use Chrome, which has completely removed all the green elements! Obviously, how ridiculous it is to explain to users such nuances in the browser, especially considering the speed of their change. 3r3r9959.
3r3r9959.
Returning to the About SSL site, there is a video where the speaker explains the advantages of EV in the same theses that we reviewed. Video about 6 minutes, if you have the patience to watch:

3r3r9959.
3r33961. 3r33962. 3r3393963. 3r33965. 3r33975. 3r33975. 3r33975. 3r3r9959. <br>We can go directly to the interesting, for example, when the lead (and 3r3-3686. Comodo 3r3956 product marketing manager.) Talks about the EV criticality for a financial transaction: 3r3959. <br>3r3r9959. <br>3r33932. “At the most critical moment when deciding whether to complete a transaction, this striking visual indicator (green line EV) with information confirming the company name, location and certification authority gives the necessary confidence to make a decision.” 3r33339. 3r3r9959. <br>The thesis is supported by a screenshot of the site<br>Excalibur Cutlery & Gifts </a> :<br> <br>3r3r9959. <br><img src="https://habrastorage.org/getpro/habr/post_images/21c/8f6/fae/21c8f6fae0553858405b553f620ac16f.jpg" style="max-width:100%;" alt=""> 3r3r9959. <br>3r3r9959. <br>You probably already feel that you will and you are right:<br> <br>3r3r9959. <br>3r33737. 3r3r9959. <br>3r3r9959. <br>No EV. No commercial DV at all, but a completely normal 3r33943. free </i> Let's Encrypt certificate. The video is like from an archaic era: it opens sites in IE8 on Windows XP I can’t do anything, but there is a feeling that the situation is somewhat outdated. It turned out that way:<br> <br>3r3r9959. <br><img src="https://habrastorage.org/getpro/habr/post_images/6d3/563/940/6d35639401487898bf9df3789828fe01.png" style="max-width:100%;" alt=""> 3r3r9959. <br>3r3r9959. <br>I would not evaluate the video almost a decade ago from today's position, but there are the same theses expressed as today. And of course, 3r3727 refers to the article with this video. tweet 3r3956. , published just a month ago under the guise of "An Important Guide to the Advanced Certificate Verification SSL", so everything is fair. 3r3r9959. <br>3r3r9959. <br>Comodo is not the first time uses to promote EV sites on which 3r3393943. no [/i] EV. Most recently, someone showed me a letter from Comodo with a reminder about the renewal of the domain:<br> <br>3r3r9959. <br><img src="https://habrastorage.org/getpro/habr/post_images/c33/db5/5af/c33db55af54404664fd4c18927b4bedc.png" style="max-width:100%;" alt=""> 3r3r9959. <br>3r3r9959. <br>Naturally, he became interested in the site <a href="https://habrahabr.info/engine/go.php?url=aHR0cHM6Ly93d3cubW9zdGx5ZGVhZC5jb20v" target="_blank"> Mostlydead.com </a> and wanted to see how the “increase in sales by 20%” went (according to Ken Creeze). Well, you understand, because EV "increases consumer confidence." Looks like no more:<br> <br>3r3r9959. <br>3r33750. 3r3r9959. <br>3r3r9959. <br>The more you delve into the topic, the more you are convinced that EV is almost dead. After all, this is not just a random site that has moved from EV to DV. This site is <i> specially selected to demonstrate the value of EV </i> ! It should be an example of EV value, and Comodo advertises it to this day. However, we see that Ken Crease clearly changed his mind about the effectiveness of EV (and maybe he never had that opinion). 3r3r9959. <br>3r3r9959. <br>The situation with EV is starting to look like this:<br> <br>3r3r9959. <br>3r33737. 3r3r9959. <br>3r3r9959. <br>But we have not finished yet: I want to mention another site that previously had an EV certificate, and now returned to DV. This site:<br> <br>3r3r9959. <br>3r3774. 3r3r9959. <br>3r33943. 3r33944. Translator’s note: Hoyp’s website with a database of stolen accounts was launched by Troy Hunt<br>himself. 3r33939. 3r3r9959. <br>3r3r9959. <br>I changed the certificate the day before yesterday, and so far nobody has even mentioned it. No one. Not a soul, and my audience is much better versed in things than your average user. Naturally, there was no shortage of people who might have noticed a change during this period:<br> <br>3r3r9959. <br><img src="https://habrastorage.org/getpro/habr/post_images/a4b/a33/b37/a4ba33b3793917fb7d3d16c753b46756.png" style="max-width:100%;" alt=""> 3r3r9959. <br>3r3r9959. <br>Almost two years ago I wrote about r3r3794. your journey into the world of EV-certificates<br>. As in many of my articles, I studied on the go; I wanted to go through the EV certification process myself (others have always done it before), and I wanted to see if it really had any meaning. At that time I honestly did not understand and finished the article like this:<br> <br> <br>3r33932. “All these things with EV certificates are difficult to measure in terms of value. I have no idea how many more people will check their email address in the service, how much more media coverage or donations they will receive. No idea at all. ” 3r33339. 3r3r9959. <br>Two years later, I am quite convinced of the conclusion: there is no value. But this does not mean that there is <i> lack of </i> In the presence of such a certificate, there are simply no advantages. As the renewal date was approaching (December 14), I called and asked to withdraw it in advance in order to return to the free, released Cloudflare. There is absolutely no reason to pay for renewal (I immediately paid $ 472 for a two-year certificate), and there was no reason to wait for the expiration date, except for 3r3806. aversion to loss<br>, and it has as much meaning as EV certificates. 3r3r9959. <br>3r3r9959. <br>I often wondered what was the point of paying for EV or DV certificates in an era of freely available certificates. I visit many companies around the world, discussing HTTPS, and when I try to probe this question, I regularly hear the phrase “No one has ever been fired for buying IBM”. I was looking for a good link to explain the meaning of this phrase - and found the perfect one in 3r-3812. defining fud from wikipedia<br>:<br> <br>3r3r9959. <br>3r33932. “By spreading dubious information about the shortcomings of lesser-known products, an established company can prevent decision-makers from choosing these products instead of their own, regardless of their relative technical merit. This is a recognized phenomenon, embodied by the traditional axiom of purchasing agents, that “no one has yet been fired for purchasing equipment from IBM”. The goal is for IT departments to buy the technically worst software because top management is more likely to recognize the brand. ” 3r33339. 3r3r9959. <br>In other words, people make ignorant decisions about what they consider to be “safe” because of the marketing FUD. I suspect that a similar mentality is with companies placing third-party “security seals” on their websites. They do not have enough knowledge and understanding that 3r3822. they can actually increase the risk of<br>, but damn, they were so advertised! 3r3r9959. <br>3r3r9959. <br>So yes - there is no more EV on HIBP, and no one will miss it, which is fully consistent with the experience of others who refused extended validation certificates: 3r3959. <br>3r3r9959. <br>3r33961. 3r33939.<br>We’ve seen that we’ve seen it<br>- Fernando Miguel (@BlnaryMlke) <a href="https://habrahabr.info/engine/go.php?url=aHR0cHM6Ly90d2l0dGVyLmNvbS9CbG5hcnlNbGtlL3N0YXR1cy8xMDMyODg0NzQyOTMxMjcxNjgwP3JlZl9zcmM9dHdzcmMlNUV0Znc%3D" target="_blank"> August 2? 201 </a> 3r33339.<br>3r33926. 3r33973.<br>3r33975. 3r3r9959. <br>3r33932. "This month we abandoned EV, improved the speed of the TLS handshake, and neither said that something was missing." 3r33339. 3r3r9959. <br>3r33961. 3r33939.<br>We have replaced EV cert by <a href="https://habrahabr.info/engine/go.php?url=aHR0cHM6Ly90d2l0dGVyLmNvbS9sZXRzZW5jcnlwdD9yZWZfc3JjPXR3c3JjJTVFdGZ3" target="_blank"> @letsencrypt </a> on our payment portal for this reasons:<br>- Automatic renewal (no long and complicated manual process)<br>- price<br>- people do not care about cert type<br>- shorter expiration = quicker restore from potential compromise<br>- Tomáš Hála (@tomashala) <a href="https://habrahabr.info/engine/go.php?url=aHR0cHM6Ly90d2l0dGVyLmNvbS90b21hc2hhbGEvc3RhdHVzLzEwMzI5NjkxODc3ODkwNzQ0MzM%2FcmVmX3NyYz10d3NyYyU1RXRmdw%3D%3D" target="_blank"> August 2? 201 </a> 3r33339.<br>3r33926. 3r33973.<br>3r33975. 3r3r9959. <br>3r33932. “On the payment portal, we replaced the EV certificate with @letsencrypt:<br> <br>- automatic extension (without a long and complicated manual process, reducing the risk of expiration) 3r3959. <br>- price 3r3959. <br>- people do not care about the type of certificate<br> <br>- more often an update - faster recovery from possible compromise ”3r3333933. 3r3r9959. <br>3r33961. 3r33939.<br>We’ve realized that it’s safe Cost saving is a bonus<br>- Anthony Green (@nthonygreen) <a href="https://habrahabr.info/engine/go.php?url=aHR0cHM6Ly90d2l0dGVyLmNvbS9udGhvbnlncmVlbi9zdGF0dXMvMTAzMzAxNzM1NzUxMjI2MTYzOD9yZWZfc3JjPXR3c3JjJTVFdGZ3" target="_blank"> August 2? 201 </a> 3r33339.<br>3r33926. 3r33973.<br>3r33975. 3r3r9959. <br>3r33932. “We realized that people trust the cute green badge more than our unfamiliar company name. Saving is a bonus. ” 3r33339. 3r3r9959. <br>3r33961. 3r33939.<br>I disagree with that about cost. Target and don’t like to spend $ 1k on a cert. I think it’s about awareness. I’ve seen it all on my site. But will I renew it? Nope! Because I’ve learned how they are. 3r33921. - Jim Michael (@jimmichael) <a href="https://habrahabr.info/engine/go.php?url=aHR0cHM6Ly90d2l0dGVyLmNvbS9qaW1taWNoYWVsL3N0YXR1cy8xMDMzMDIxNTQwODE0ODAyOTQ0P3JlZl9zcmM9dHdzcmMlNUV0Znc%3D" target="_blank"> August 2? 201 </a> 3r33339.<br>3r33926. 3r33973.<br>3r33975. 3r3r9959. <br>3r33932. “I do not agree with the fact that the matter is in price. Target and other giants don't care about $ 1000 per certificate. I think the thing is awareness. I know that 18 months ago, an EV certificate seemed like a good idea for my .org site. But will I renew it? No! Because I realized their senselessness. " 3r33339. 3r3r9959. <br>3r33961. 3r33939.<br>Can’t say who /where - the biggest factors were 1. Needed a wildcard for improved flexibility. 2. Costs were no longer justifiable, especially considering multiple subdomains. 3. Lack of consumer awareness. 3r33921. - Jessassin (@Jessassin) <a href="https://habrahabr.info/engine/go.php?url=aHR0cHM6Ly90d2l0dGVyLmNvbS9KZXNzYXNzaW4vc3RhdHVzLzEwMzMyNTQwNjYwMzY0MzY5OTI%2FcmVmX3NyYz10d3NyYyU1RXRmdw%3D%3D" target="_blank"> August 2? 201 </a> 3r33339.<br>3r33926. 3r33973.<br>3r33975. 3r3r9959. <br>3r33932. “I can not say what became the main factor: 1. The need for a wildcard to increase flexibility. 2. Costs are no longer justified, especially considering several sub-domains. 3. The lack of user awareness means that hardly anyone noticed the changes. ” 3r33339. 3r3r9959. <br>The article was a long one, because every time I sat down to write, there appeared new evidence of the absolute meaninglessness of EV. I started taking notes long before some of the events listed, including before the release of Chrome 69 and the removal of the green address bar, which killed one of the main trump cards of EV marketing. This is not to say that EV is the only technology that gradually died from a thousand cuts. Once such certificates were a good product, but now the situation is completely different - and this is just a senseless relic of a bygone era. Browser manufacturers are aware of this and act accordingly. Just a matter of time, when the last nail is slaughtered in the coffin of EV:<br> <br>3r3r9959. <br>3r340940. 3r3r9959. <br>3r33943. 3r33944. Chrome Canary v70 is trying to remove the names of the companies EV-SSL, I wonder if it will fall into the final release? 3r33939. 3r33939. 3r3r9959. <br>3r3r9959. <br>When Chrome finally removes the visual EV indicator from the browser (just as they did on mobile devices, and as Apple did in the Safari line), it will be good and really put an end to EV. Perhaps then the FUD will finally end. 3r3r9959. <br>3r3r9959. <br>I will give you one last little proof of the absolute futility of EV: this is my lecture in London at the beginning of this year. Here is <a href="https://habrahabr.info/engine/go.php?url=aHR0cHM6Ly93d3cueW91dHViZS5jb20vZW1iZWQvYVNLOGxHUGdGZ0U%2Fc3RhcnQ9MTgwMQ%3D%3D" target="_blank"> moment </a> when I start talking about EV, and that interaction with the audience here is significant. See how the room responds, full of smart techies, when I ask what visual indicators they expect to see on popular sites. Enjoy! 3r3r9959. <br>3r3r9959. <br>3r33961. 3r33962. 3r3393963. <iframe src="https://www.youtube.com/embed/aSK8lGPgFgE?rel=0&showinfo=1&start=1801&hl=en-US" style="border:0;width:100%;height:100%;" allowfullscreen scrolling="no"> 3r33965. 3r33975. 3r33975. 3r33975. 3r33975.<br>! function (e) {function t (t, n) {if (! (n in e)) {for (var r, a = e.document, i = a.scripts, o = i.length; o-- ;) if (-1! == i[o]src.indexOf (t)) {r = i[o]; break} if (! r) {r = a.createElement ("script"), r.type = "text /jаvascript", r.async =! ? r.defer =! ? r.src = t, r.charset = "UTF-8"; var d = function () {var e = a.getElementsByTagName ("script")[0]; e. ): d ()}}} t ("//mediator.mail.ru/script/2820404/"""_mediator") () (); 3r33973.<br>3r33975.

It may be interesting

Comments

About article

Similar news

where to buy forskolin 22 July 2019 12:09

Great customer service. Very receptive and show which they value their patients. where to buy forskolin I love the truth that every thing was started on time. All my problems was resolved without sensation overwhelmed or rushed. Every thing was described to me in step-by-step and I feel confused when I left. I knew what was precisely estimated of me.

weber
Author

4-10-2018, 03:16
Publication Date

Information Security / IT Standards
Category

Comments: 1

Views: 311

TLS and Web Certificates

Irish Bookmakers Programmer

Firefox and the pseudo-class

Reducing the credibility of Symantec

DigiCert recalls 23 thousand SSL

How to get others to answer your

Write a comment

Name:*

E-Mail:

Comments

I have read your excellent post. This is a great job. I have enjoyed reading your post first time. I want to say thanks for this post. Thank you... www.fizzasurgical.com/

Today, 20:44
erum

Your post is very helpful to get some effective tips to reduce weight properly. You have shared various nice photos of the same. I would like to thank you for sharing these tips. Surely I will try this at home. Keep updating more simple tips like this.바카라 전략

Stars Magic est un portail de réservation de magiciens mentalistes professionnels. Vous cherchez un illusionniste pour votre événement ? Notre plateforme vous met en relation avec un illusionniste proche de chez vous pour réussir votre soirée d'entreprise, votre cocktail, votre lancement de produit, votre arbre de noël, votre mariage ou votre anniversaire. Sur notre site, vous découvrirez également comment apprendre la magie avec une école de magie en ligne.magicien mentaliste Toulouse

Today, 19:44
raymond weber

Thanks for providing recent updates regarding the concern, I look forward to read more. detectives privados barcelona

Today, 15:25
raymond weber

This was a shocking post. It has some look at here fundamental data on this subject.vpn 추천

Today, 14:03
raymond weber

A leader is one who knows the way, goes the way, and shows the way. levitra side effects

Today, 13:47
ebeyshop

Adv

Website for web developers. New scripts, best ideas, programming tips. How to write a script for you here, we have a lot of information about various programming languages. You are a webmaster or a beginner programmer, it does not matter, useful articles will help to make your favorite business faster.

Login

Login:

Password:

Remember

Registration Forgot password