
It was a red herring the entire time. At Shopify we made an experiment regarding conversion between regular certs and EV before they stopped being displayed, and there was no significant difference. The users don't notice the absence of the fancier green lock.




I think the rebuttal to the CEO today is really very simple.

a) How many of the sites you visit every day have DV and how many have EV certificates?

b) Name any site at all, that you have visited, where your behavior or opinion has changed because of the certificate?

In truth the green-bar thing disappeared on mobile long before desktop (and in some cases it was never present).

In truth, if you polled all the company staff, or, crumbs, just the people round the boardroom table (probably including the person complaining), a rounding error from 0 could show you how to even determine if a cert was DV or EV.

EV could have an inspector literally visit your place of business, and it would still have no value because EVs are invisible to site visitors.


It used to be that EV certs had higher insurance if there was a leak of the intermediate private keys and lost data.

Since nobody ever actually leaked an intermediate private key for a CA, people don't recognise the value.

If we had lost payment card information through MITM, we would have been liable for a lot more money.

That was the business justification for EV back when I was doing major ecommerce stuff.



