Closed Bug 368389 Opened 18 years ago Closed 17 years ago

EV Certs: Study finds IE7 EV Cert interface does not help defeat phishing

Categories

(mozilla.org :: Governance, task)

Product:
mozilla.org
Component:
Governance
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: zak, Assigned: zak)

References

(
URL
)

Details

Duane from cacert.org provided me with a link to a recent paper (titled "An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks") that is, in part, on the effectiveness of the EV cert anti-phishing interface in IE7.

While I suspect that this paper is not relevant to the governance-related issues surrounding EV certs, I am still filing it and expect that it will provide useful information for our technical efforts.
Sorry - PEBCAK. I must have misread the error message while attempting to attach the document. Thanks for clearing out the dups.
This document isn't actually particularly relevant to our use or otherwise of EV, unless we are considering adopting the same UI for it as IE. The test was a test of whether their UI helped people to make better decisions.

Gerv
I'd say the document is very relevant, unless you want to repeat the same mistakes others have made that is by ignoring what has already been done.
It's highly relevant to security UI design. 

It's not relevant to whether or not we think that EV validation is better than what people are doing at the moment, or whether we should change NSS to expose EV information to the application, or whether the presence or absence of EV should be a factor we use in indicating to the user our view of a particular site.

Gerv
Thus "bug" does not report a bug in any mozilla product, and it does not
request any specific action to be taken for any mozilla product.  
It seems to be a mere factual note about a competitor's product. 

This begs the question: how will we ever know if/when it has been resolved?
What are the criteria for deciding that is has been resolved?
Heh. Nelson sums up the issue pretty well. We don't really need to track bugs in competing products.

Closing.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.