Background: Beginning with version 57, Comodo’s browser Dragon has marked any connection secured by LE as affirmatively not secure, without explaining why, or giving the user any advice.
It has been brought up a few times on Comodo’s forum, but never explained. When Dragon 68 beta was released, I asked again, and got the answer that the issue would be fixed in Dragon 68. Yesterday, said version was released, and now it looks like this:
This is how all valid and trusted DV-certificates look in Dragon.
Interesting. Does it show the orange shield for all major sites using DV?
Based on some HN comments I believe the plan of some mainstream browsers is to remove the visual cues differentiating DV and OV/EV certificates. Not surprising given its commercial interest that Comodo chooses to do the opposite, but I guess we’ll see what wins in the end.
Well, I think Comodo’s pretty established themselves as a bad actor, between the incessant FUD against Let’s Encrypt, and their attempt to trademark “Let’s Encrypt” a couple of years back. At least here they aren’t singling out LE, but I guess they, along with a few other CAs, are trying to persuade the CA/B forum to change how they handle DV vs. OV certs.
Though I’m not sure it’s a bad thing to distinguish DV from OV certs in the browser UI, doing so in a way that suggests DV is bad isn’t likely to fly.