Browsers showing positive indicators for DV certs causes Consumer Harm

What does that have to do with anything?

I think you are just avoiding the question, about testing what indicators in a browser that are the most (and least) helpful to users.

As a browser vendor, I expect you to welcome research that helps you design your browser in such a way that it help as many users as possible to make the best security decisions in every situation. If you find the available research unreliable, do your own tests, and publish the report, with method and results and all (trust through transparency).

As a CA, on the other hand, I understand that you welcome some results more than others. CAs, of course, want their products, the certificates, to be as visible as possible in the browser. Not least EV, the currently most visible (and expensive) type of certificate. If the indicator goes away, it will be very hard to sell EV-certificates.

déjà vu … just in a new thread.

https://forums.comodo.com/digital-certificates-encryption-and-digital-signing/hackers-mostly-are-using-free-comodo-certificates-t120243.0.html;msg864310#msg864310

:-TU 88)

Hi Melih,

Heard this yesterday on the Security Now podcast from TWIT.tv -

Comodo Caught Breaking New CAA Standard One Day After It Went Into Effect

https://www.grc.com/sn/SN-628-Notes.pdf Page 8 - Not good news or PR :-[

Yep… all the details are in the response. We created the CAA standard and we broke it first. Not good! But our guys reacted very quickly. There are also other good things hopefully that will come out of this like a new automated testing platform…because it was so new it was difficult to test CAA, as well as ways to report stuff back to CAs…at the moment its difficult…so lets turn lemon into lemonade by learning from this and improving the overall security posture for the whole industry. A big thank you for the guys who keep a watchful eye on all this and alert us!