
Extended Validation Is Broken - discreditable
https://stripe.ian.sh/
======
gregmac
This article also links to a post where someone gets an EV certificate for a
company called "Identity Verified" [0], and it's just as bad from a user point
of view, particularly on Safari and iOS where the only thing you see is the EV
certificate name. Name your company "Secure Connection", "Encrypted Site",
"129-bit Secure".. there are endless variants that would likely trick a
significant number of people.

[0] [https://0.me.uk/ev-phishing/](https://0.me.uk/ev-phishing/)

------
pgl
The tweet linking to this[1] is a better headline, I think:

> _I got an extended validation certificate for "Stripe, Inc" but in another
> state. Can you tell the difference?_

[1]
[https://twitter.com/iangcarroll/status/940281927789146112](https://twitter.com/iangcarroll/status/940281927789146112)

~~~
discreditable
I try to stick to the HN guideline: "please use the original title, unless it
is misleading or linkbait"

~~~
pgl
Oh yes, absolutely - I just meant a better headline for the article itself. I
think it's a better summary.

