<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<div class="moz-cite-prefix">On 05/05/2021 17:04, Jerry Leichter
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:3E233A6D-408A-441F-B41E-15007B21C259@lrw.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div>
<blockquote type="cite" class="">
<div class="">If you buy physical stuff on the basis of NewEgg
reviews, you will make pretty good buys.</div>
<div class=""><br class="">
</div>
<div class="">NewEgg has meta reputation for good curation of
reviews, and reviews on NewEgg have reputation by being on
NewEgg.</div>
</blockquote>
So NewEgg is a trusted third party: I believe the reviews
because NewEgg curates them, and I believe that NewEgg does a
good (and, importantly) honest job. OK.</div>
</blockquote>
Which seems reasonable; one of the nice things about personas that
aren't linked to your real identity is that they can STILL gain a
reputation, and this is where things like pgp signatures can come in
handy, to make fake comments attributed to your persona easier to
detect.<br>
<br>
<blockquote type="cite"
cite="mid:3E233A6D-408A-441F-B41E-15007B21C259@lrw.com">
<div>
<blockquote type="cite" class="">
<div class="">
<div class="">What curation do CAs do? Having CA authorities
in the middle does not make the connection to the real
world</div>
</div>
</blockquote>
<blockquote type="cite" class="">
<div class="">better, it makes it worse.</div>
</blockquote>
If you ask them, they check that someone claiming to be <a
href="http://newegg.com" class="" moz-do-not-send="true">newegg.com</a> really
*is* <a href="http://newegg.com" class=""
moz-do-not-send="true">newegg.com</a>. Oh, they let a whole
bunch of fakers through - and of course they accept zero
liability when you rely on them? You shouldn't trust just
ordinary certs - you should look for those special EV certs for
which they charge a whole bunch extra - and still accept no
liability. (Is anyone really still buying EV certs? It occurs
to me that I haven't seen the green outline in quite some time.)</div>
</blockquote>
<p>I think the browsers stopped bothering to highlight it, because
for good reasons, nobody cares. All an EV shows is that you spent
more money on the cert; it doesn't make it any more secure.<br>
</p>
</body>
</html>