Trends to Watch: Extended Verification SSL
Extended Verification (EV) SSL is a new standard intended to give consumers more confidence about doing business online. The standard requires more steps to verify the legitimacy of a business or organization before an SSL certificate is issued. Browsers can use EV certificates to provide additional information to users about a site. Internet Explorer 7, for example, displays the URL address with a green background.
The standard was prompted by lax certification practices with earlier SSL certificates. The Associated Press notes: "But newer authorities have tried to cut costs and corners by checking only that the site owns the domain name -- not the business said to run on that domain, security experts say. Scam artists -- needing only a credit card and a domain name -- have exploited the loophole to obtain the certificates necessary to appear legitimate."
To get the details on what is required for an EV certificate, see Verisign's certification practice statement. At 100+ pages, that could take a while; Verisign's FAQ is a quicker read.
There are certainly limits to this approach. Small businesses are worried that they'll lose business without EV certs, which are more difficult to get. Some phishers will find a way around this, perhaps finding a way to hack the browser and make the URL background turn green without an EV cert. More important, though, this is a step in the right direction, toward a more comprehensive model of presumed distrust rather than presumed trust.



