Fraudulent certificates in the wild — again
Posted Jan 21, 2013 9:08 UTC (Mon) by giraffedata (subscriber, #1954)
In reply to: Fraudulent certificates in the wild — again by dlang
Parent article: Fraudulent certificates in the wild — again
> what fields are filled in do not really matter.
Nonetheless, all the evidence is that having fields filled is in fact what people are buying with StartSSL's $60 product. That product is not an EV certificate.
> The people who buy the extended validation certs do pay a LOT more to
> have themselves scrutinized more, in exchange the browser puts the green
> bar when browsing to the site.
I would say they're paying to have the browser put the green bar up (more specifically, they're paying for an EV certificate). If they failed to be scrutinized more in the process, they wouldn't exactly demand a refund.
I think there probably is value, by the way, in having the Organization field filled in in a non-EV certificate. To the extent that a browser user pays any attention to the certified identity at all, many probably realize that even a non-EV certificate has some verification of the information and give the web site correspondingly higher respect if the name of the organization is vouched for than if only the domain name is.