Exclusion list for Extended Validation Certificate alert

Comodo Dragon - CD Wishlist - CD
1

Site exclusion list for Extended Validation Certificate alert. Lack of this prevents WOT from working, and inhibits surfing on sites that work by default over https (eg www.twitter.com), but do not have EV certificates.

This should apply:

  1. when surfing
  2. to add-ons (eg WOT)

Best wishes & many thanks

Mouse

2

First and foremost, you need to understand the differences between the types of certs out there. WOT has a Domain Validated (DV) Certificate. If they had an OV(Organization Validated) or EV(Extended Validated), there would not be a problem with Dragon. It is the fact that they have a DV cert is the problem! Comodo is all about creating trust and a DV cert supplies little to no trust at all.

They’re in the business of creating trust, yet they can’t share a little detail about themselves? Seems kind of shady to me. I wouldn’t trust them and personally I refuse to do business with people who have DV certs. WOT and Comodo are in the same line of business in some regards and you don’t see Comodo with a DV cert, do you? Do you do business with the man/woman selling office supplies and computers on the corner or do you do business with someone in an actual building? Say like a Best Buy or a Staples.

Twitter too should have an OV or EV cert too. It isn’t like they can’t afford it or supply the necessary information.

Technologically speaking, there is no difference between OV, EV, and DV. It is all based on the level of validation that has occurred. EV has extra attributes on it which set it apart from an OV or DV and that is pretty much it. It doesn’t inhibit its ability to function as an SSL certificate.

OV - One Piece of verifiable Information (Phone/Utility Bill, Drivers License, and a matching WHOIS)
DV - An email Address associated with the domain either via the CA’s list OR from WHOIS.
EV - OV on steroids. It is OV plus some other items such as a callback to the organization (3rd party phone lookup), Legal Opinion and must have been in business at least 3 years. (these are only some of the things required for a full list read the EV guidelines via www.cabforum.org)

In the future, I agree Dragon should “remember” during your browsing section that you “bypassed” the DV warning for that particular site.

3

+1

The user should be warned of (DV) certificates by default, but if they need to access a site regularly there needs to be a way to add them to an exclusion list.

Great idea.

4

+1.