EV no longer skips smartscreen either nowadays. I understand that was abused, so it's treated as the same as OV. Having a certificate allows the cert itself to accumulate trust (rather than each binary independently doing so) and provides better UX and I suspect an initial small boost to trust signal, but doesn't bypass the initial distrust. There's no way to avoid that AFAICT and even if you're an established business you hit it at intervals because all these certificates expire and so the whole process resets every few years anyway. What a mess.
reply> EV no longer skips smartscreen either nowadays. I understand that was abused
replyEV was always going to be abused. It started out promising to be a human verified, $10k cert that meant you were GUARANTEED to be who it said you were. Now I can get one for a couple hundred bucks.
The solution is to separate identity from encryption. They never should have been linked.
>There's no way to avoid that AFAICT and even if you're an established business you hit it at intervals because all these certificates expire and so the whole process resets every few years anyway. What a mess.
replyMaybe have overlapping sets of certificates and dual sign your binaries? That way there's always an "aged" certificate available.
> EV no longer skips smartscreen either nowadays.
replyNot sure of the exact number, but the "nowadays" here is more than a decade.
Last I checked they can still quarantine your binary if it's properly signed and they decided it hasn't gained traction.
reply