I am assuming Microsoft is aware of how Steve Gibson excoriates IE on his web site.
https://www.grc.com/ssl/ev.htm
--------------
To quote:
It's difficult to understand how they could have messed this up so badly. Especially when the correct behavior is so clear. And it's truly unfortunate, since so many people still rely upon Internet Explorer (IE) for their default web browsing. What's more, Microsoft has been putting a great deal of effort and resources into recent versions of IE in an attempt to rehabilitate its previously well-earned reputation as the worst, least secure, and most dangerous web browser for the Internet.
-----------
Look at the rest of it. So I tried to find some justification for why Microsoft allows Admin to create their own Certs and make them EV capable, but have not. In other words, it is real easy to create your own. Doesn't that break the intent of the EV standard? Or am I missing something?
http://en.wikipedia.org/wiki/Extended_Validation_Certificate
---------------------------
Only CAs who pass an independent audit as part of their WebTrust (or equivalent) review may offer EV, and all CAs globally must follow the same detailed issuance requirements which aim to:
- Establish the legal identity as well as the operational and physical presence of website owner;
- Establish that the applicant is the domain name owner or has exclusive control over the domain name; and
- Confirm the identity and authority of the individuals acting for the website owner, and that documents pertaining to legal obligations are signed by an authorised officer.
-------------------------
I think he is upset because it seems to reduce the level of scrutiny it takes to get an EV Cert.
Comments?