duskwuff 13 hours ago

Which would have made sense if company names were unique - which they aren't. See e.g. https://groups.google.com/g/mozilla.dev.security.policy/c/Nj... for an example of how this was abused.

wbl 11 hours ago

It was used correctly. What CAs wanted to sell wasn't something browsers wanted to support, and EV was the compromise. It just happens that what EV meant wasn't that useful irl.

crote 11 hours ago

What's the alternative, showing the company's unique registration ID?

CAs invented EVs because they wanted to sell something which could make them more money than DVs. The fact that company names aren't unique means that the whole concept was fundamentally flawed from the start: there is no identifier which is both human-readable and guaranteed to uniquely identify an entity. They wanted to sell something which can't exist. The closest thing we have got is... domain names.

duskwuff 8 hours ago

The alternative would have been to have the CA use human judgement when approving EV certificates and reject applications from organizations whose names shadowed better-known firms, or to only accept applications from a select set of organizations (like, say, banks). But either of those possibilities would have increased the cost of the program and limited the pool of applicants, so CAs chose the cheap, easy path which led to EV certificates becoming meaningless.