Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
Extended validation certificates include information about the legal entity behind the certificate, but not much else. What a legal entity can be turns out to be quite flexible
Unfortunately, users are simply not equipped to deal with the nuances of these entities, and this creates a significant vector for phishing.
Today, I will demonstrate another issue with EV certificates: colliding entity names. Specifically, this site uses an EV certificate for "Stripe, Inc", that was legitimately issued by Comodo. However, when you hear "Stripe, Inc", you are probably thinking of the payment processor incorporated in Delaware. Here, though, you are talking to the "Stripe, Inc" incorporated in Kentucky. This problem can also appear when dealing with different countries.