How long ago was it that users didn't notice or care if the URL was http:// rather than https://? Yet no-one was declaring HTTPS dead on those grounds.
> Apples and encrypted oranges. There's no actual technical difference between EV and DV for the end user, much unlike https vs http...
What does it matter to the end user whether the difference is technical, legal, or procedural? The user just wants to be able to tell the difference between a legit site and a phishing spoof.
> Why does my comment have to be spelled out anyway? I'm having a hard time believing you don't know that or haven't realized it.
The article points out that users and paypal didn't care that their domain wasn't using EV, as if this were a slam-dunk argument against it. But that argument would go through just the same for a domain that wasn't using HTTPS at all.
The difference matters because http vs. https makes a difference regardless of what the user or HN commenters think, whereas EV relies entirely on the user acting in a way that is entirely theoretical and not seen in practice.
