[openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

Viktor Dukhovni openssl-users at dukhovni.org
Thu Dec 6 23:12:07 UTC 2018


> On Dec 6, 2018, at 5:56 PM, Jakob Bohm via openssl-users <openssl-users at openssl.org> wrote:
> 
>> While the point of EV was that it certified a binding to a (domain + business name)
>> rather than just a domain with DV, it turned out that displaying the business name
>> was also subject to abuse, and the security gain proved elusive.
>> 
>>   https://www.troyhunt.com/extended-validation-certificates-are-dead/
> 
> A traveling salesman for a cloud provider.

That's an ad-hominem argument.  Just because he may have an agenda,
does not mean he's wrong.  One might wish he were wrong, but perhaps
the market has spoken otherwise.  Or perhaps he really is wrong, we'll
see...

-- 
	Viktor.



More information about the openssl-users mailing list