
Corrections:

1. Unicode Homograph attacks don't work in a business registration. Someone would have to be able to legally register a business name that fits your look-alike example. That is not possible in most places AFAIK.

So what you're actually pointing out is that domain names are vulnerable to these attacks, which is another reason why DV certificates can fall short.

2. Correct, different companies. This is as intended, but admittedly a weakness in the human-readability of EV certificates.

3. Not all roots can issue EV certificates.

4. It becomes much harder to remain anonymous if you do these things. You are right, it isn't impossible to register a company solely for malicious use. But it carries with it legal risk.

There are no Wildcard EV certificates. You are just describing Wildcards.

Crypto nerds do trust the HTTPS PKI; that is why there are about a dozen industry-leading crypto people working at Chrome, Mozilla, etc. on PKI crypto.


