EV actually causes a different "secure" UI to display in the browser. Usually it is the name of the corporate entity that the certificate is issued for. If you don't have EV you only get a padlock.

Browsers make changes like that to their UIs all the time. I highly doubt that a member of the general public would notice the difference. Heck, I doubt most developers would notice.

I agree, because I experienced it just now. I'm on Chrome 57 and just realized that Chrome certificate details UI seems to have changed sometime recently.

I remember I could earlier click on the padlock or "Secure" text, click More (or something) on the popup and it would display certificate details in developer tools (which is itself weird, but atleast it was available for end users).

Now, it doesn't give any direct way to see certificate details. "Learn More" just opens a support page with vague details. The only way for a user to see details now is to explicitly launch developer tools. I find this logic a bit weird. Apparently, this is not a bug but a feature [1].

[1]: https://productforums.google.com/forum/#!topic/chrome/kPlY52...

You just made me look, and what I saw made me sad. Even more than I already was. :(

"Let's remove this thing that is super useful while your stated goal could just as easily be reached while keeping the original functionality." Bill Hicks was so incredibly right about marketing.

I noticed that a while ago. I thought I was just doing something wrong.

Oh, I know. But name me a non-IT professional that knows the difference, or would care that their bank has "secure" and not "Bank of America LLC".

I think there are groups of smart PKI/UI people discussing how better to design security warnings at various levels of EV/HTTPS/Partial HTTPS/HTTP.

A. EV certs are bought for a reason, the very "green bar". Customers will notice this and won't be happy about it.

B. the 9 month expiration will also make customers unhappy

Both measures will put operational pressure on Symantecs customers and eventually decrease Symantec's market share in the business.

> A. EV certs are bought for a reason, the very "green bar". Customers will notice this and won't be happy about it.

Are you sure? I've never heard/seen/notice anyone non-technical care remotely. Or even know what it means.

We've been asked about it by "enterprise"-y clients.

It's on the checklist of things companies ask about when assessing third-party services.

Those are not users. Those are people who have read up about SSL certificates and have bought in to the hype.

most business is B2B, I don't see how they're not users.

The business is not the user for SSL. It's the human logging into the website. Maybe Bank of America will care if the padlock in the URL bar is gone, but John Doe couldn't care less and probably has never noticed the green padlock and word secure in the URL bar ever.

Yes, the EV cert market is pretty enterprisy. Those customers need EV certs for compliance and will abandon Symantec to stay compliant.

Yes, you are correct, in that Symantec's customers will care.

I am saying the customers of banks don't give a damn about EV or not. It's not in the literature. It's hard enough to train them not to click through; even I as an IT guy would probably not notice the lack of EV unless there were a modal or bubble saying "Hey! This is different!"

While users don't care, the bank (internal) security policy auditors do and a lot of them have EV cert listed as a requirement.

> name me a non-IT professional that knows the difference, or would care that their bank has "secure"

It has the secure padlock as an image on the page! And a green check mark!